Your network consists of one Active Directory domain that contains only domain controllers that run
Windows Server 2003. Your company acquires another company. You need to provide user accounts
for the employees of the newly acquired company. The solution must support multiple account
lockout policies. What should you do?
A.
Implement Authorization Manager.
B.
Implement Active Directory Federation Services (AD FS).
C.
Upgrade one domain controller to Windows Server 2008. Raise the functional level of the domain
to Windows Server 2003.
D.
Upgrade all domain controllers to Windows Server 2008. Raise the functional level of the domain
to Windows Server 2008.
Explanation:
To support multiple account lockout policies, you need to upgrade all domain controllers to
Windows Server 2008. In Microsoft® Windows 2000 and Windows Server 2003 Active Directory
domains, you could apply only one password and account lockout policy. In Windows Server 2008,
you can use fine-grained password policies to specify multiple password policies and apply different
password restrictions and account lockout policies to different sets of users within a single domain.
Next you need to raise the functional level of the domain to Windows Server 2008 because Windows
Server 2003 functional level does not support Windows Server 2008 domain controllers.
Step-by-Step Guide for Fine-Grained Password and Account Lockout Policy Configuration
http://technet2.microsoft.com/windowsserver2008/en/library/2199dcf7-68fd-4315-87ccade35f8978ea1033.mspx?mfr=true
Appendix of Functional Level Features
http://technet2.microsoft.com/windowsserver2008/en/library/34678199-98f1-465f-9156-
c600f723b31f1033.mspx?mfr=true