What should you include in your plan?

Your network consists of one Active directory domain. The functional level of the domain is Windows
Server 2008 R2. The organizational units (OUs) are configured as shown in the exhibit. (Click the
Exhibit button.)

The Human Resources OU does not contain user accounts. Help desk technicians respond to all user
service requests. You need to plan the management of all users on the network.
The solution must meet the following requirements:
Help desk technicians must have only the minimum number of required rights in the domain.
Help desk technicians must be able to reset all user passwords except IT administrator passw ords
and manager passwords.
What should you include in your plan?

Your network consists of one Active directory domain. The functional level of the domain is Windows
Server 2008 R2. The organizational units (OUs) are configured as shown in the exhibit. (Click the
Exhibit button.)

The Human Resources OU does not contain user accounts. Help desk technicians respond to all user
service requests. You need to plan the management of all users on the network.
The solution must meet the following requirements:
Help desk technicians must have only the minimum number of required rights in the domain.
Help desk technicians must be able to reset all user passwords except IT administrator passw ords
and manager passwords.
What should you include in your plan?

A.
Delegate the Reset user passwords and force password change at next logon permission to the
help desk technicians in the Employees OU.

B.
Delegate the Reset inetOrgPerson passwords and force password change at next logon permission
to the help desk technicians in the Employees OU.

C.
Delegate the Reset user passwords and force password change at next logon permission to the
help desk technicians in the Human Resources OU. Block Group Policy object (GPO) inheritance for
the IT Administrators OU and the Managers OU.

D.
Delegate the Reset inetOrgPerson passwords and force password change at next logon permission
to the help desk technicians in the Human Resources OU. Block Group Policy object (GPO)
inheritance for the IT Administrators OU and the Managers OU.

Explanation:
To ensure that Help desk users that are part of EmpOU should possess only the minimum number of
required rights in the domain to reset all user passwords, except IT administrator passwords and
manager passwords, you need to delegate the inetOrgPerson passwords and force password change
at next logon permission to the support technicians in the EmpOU. This is because the Help desk
users are the part of EmpOU. The inetorgperson objects can be used by the Delegation Wizard to set
the required Active Directory access permissions on objects to give users various levels of control. It
will enable Help desk users to reset all user passwords, except IT administrator passwords and
manager passwords.
How to customize the task list in the Delegation Wizard
http://support.microsoft.com/kb/308404
http://www.informit.com/guides/content.aspx?g=windowsserver&seqNum=44



Leave a Reply 0

Your email address will not be published. Required fields are marked *