Which cmdlet should you run?

Your network contains an Active Directory forest named contoso.com. The forest contains a single domain. The domain contains two domain controllers named

DC1 and DC2 that run Windows Server 2012 R2.
The domain contains a user named User1 and a global security group named Group1.
You need to ensure that User1 can manage the group membership of Group1. The solution must minimize the number of permissions assigned to User1.
Which cmdlet should you run?

Your network contains an Active Directory forest named contoso.com. The forest contains a single domain. The domain contains two domain controllers named

DC1 and DC2 that run Windows Server 2012 R2.
The domain contains a user named User1 and a global security group named Group1.
You need to ensure that User1 can manage the group membership of Group1. The solution must minimize the number of permissions assigned to User1.
Which cmdlet should you run?

A.
Add-AdPrincipalGroupMembership

B.
Install-AddsDomainController

C.
Install-WindowsFeature

D.
Install-AddsDomain

E.
Rename AdOh

F.
Set-AdAccountControl

G.
Set-AdGroup

H.
Set-User

Explanation:
The Set-ADGroup cmdlet modifies the properties of an Active Directory group. You can modify commonly used property values by using the cmdlet parameters.
ManagedBy Specifies the user or group that manages the object by providing one of the following property values. Note:
The identifier in parentheses is the LDAP display name for the property.
Distinguished Name
Example: CN=SaraDavis,OU=Europe,CN=Users,DC=corp,DC=contoso,DC=com GUID (objectGUID)
Example: 599c3d2e-f72d-4d20-8a88-030d99495f20
Security Identifier (objectSid)
Example: S-1-5-21-3165297888-301567370-576410423-1103
SAM Account Name (sAMAccountName)
Example: saradavis
The Install-ADDSDomainController cmdlet installs a domain controller in Active Directory. Example: C:\\PS>Install-ADDSDomainController -InstallDns -Credential
(Get-Credential CORP\\Administrator) -DomainName “corp.contoso.com”

http://technet.microsoft.com/en-us/library/hh974723.aspx http://technet.microsoft.com/en-us/library/ee617199.aspx http://technet.microsoft.com/en-us/library/
ee617225.aspx

Show Hint

Leave a Reply 2

Your email address will not be published. Required fields are marked *

Jacky

Jacky

The answer is A, not

===================

The Add-ADPrincipalGroupMembership cmdlet adds a user, group, service account, or computer as a new member to one or more Active Directory groups.

The Identity parameter specifies the new user, computer, or group to add. You can identify the user, group, or computer by its distinguished name (DN), GUID, security identifier (SID), or SAM account name. You can also specify a user, group, or computer object variable, such as $, or pass an object through the pipeline to the Identity parameter. For example, you can use the Get-ADGroup cmdlet to get a group object and then pass the object through the pipeline to the Add-ADPrincipalGroupMembership cmdlet. Similarly, you can use Get-ADUser or Get-ADComputer to get user and computer objects to pass through the pipeline.

Reply

Jacky

Jacky

Sorry. The answer is G.

Reply