Your network contains an Active Directory domain named contoso.com. The domain contains a computer named Computer1 that runs Windows 10. You have the groups shown in the following table. Which groups can you add to Group4?
The correct answer is A.
Group 4 is a local group therefore Universal Distribution Groups cannot be nested.
Group 4 is a local group therefore other local Groups cannot be nested.
I get why the majority here will choose A. But because the key difference here is that the question is not about group nesting in en Entra tenant but about on-site AD. And on-site AD allows more complex nesting scenarios compared to Azure AD. There fore i lean towards D.
That's not right at all. Global Administrators have permission control of local Groups and Universal Distribution Groups distribute all sorts of GPO's to local machines, even across domains. It's possible but not necessary, to
nest a GA in a local Group. GA has permissions to all forested Groups in the Domain.
Answer D is wrong. Unable to add local security group, universal distribution group. Just another local computer group or domain security group. The correct answer is C.
1) Universal group can be member of:
"Local groups on computers in the same forest or trusting forests"
2) Global group can be member of:
"Domain Local groups from any domain in the same forest, or from any trusting domain"
3) Domain local group can be member of:
"Local groups on computers in the same domain, excluding built-in groups that have well-known security identifiers (SIDs)"
Ref:
https://learn.microsoft.com/en-us/windows-server/identity/ad-ds/manage/understand-security-groups#:~:text=Local%20groups%20on%20computers%20in%20the%20same%20forest%20or%20trusting%20forests
Read for yourself, it's laid out clear as day in the table at the top of the page: https://learn.microsoft.com/en-us/windows-server/identity/ad-ds/manage/understand-security-groups
After extensive research:
Group 1 Universal type group can't be added to group 4 (local). Universal type groups can"-'t be added to local groups.
Group 2 (global) can be added to a local group (group 4)
Group 3 can't be added to group 4 because local groups can not be nested (even on the same device).
Domain Local Possible members : Accounts from any domain or any trusted domain
Global groups from any domain or any trusted domain
Universal groups from any domain in the same forest
Other Domain Local groups from the same domain
Accounts, Global groups, and Universal groups from other forests and from external domains
https://learn.microsoft.com/en-us/windows-server/identity/ad-ds/manage/understand-security-groups
An AD computer, a local group can include:
- Local users and groups from the same computer.
- Domain users and groups (including domain local, global, and universal groups) from the same domain or trusted domains.
It looks as the given answer is correct
Correct Answer is A - Lab-tested. Only Domain Security groups (universal, global and domain local ) can be addedd. Any kind of Domain Distribution groups(Uni/Glob/Dloc) is not selectable by the picker. Computer1 local group cannot be added. Confusion is probably due to Domain Local grups and Computer Local groups...
A
Group3 is a local group specific to Computer1. Local groups can contain users, global groups, and other local groups from the same computer. However, they cannot be added to groups from other domains or computers.
Since Group4 is also a local group on Computer1, it cannot contain Group3 because local groups cannot be nested within each other. Therefore, Group3 cannot be added to Group4.
https://learn.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2003/cc755692(v=ws.10)?redirectedfrom=MSDN
Group 4 is domain local group which can include any groups
I just tried in a lab environment to create two groups (Security Group and Universal Distribution) on a domain and two other local groups (group3 and group4) on the Win10 device that is joined to the domain. I attempted to add group3 and the 'Universal Distribution' group to group4, but it wouldn't allow me to do so. Then I tried adding the 'Security Group', and it was successfully added to group4 without any issues. Therefore, I can confirm with 100% certainty that the correct answer is 'A: Group2 only.'
Given answer D is correct.
Based on following link
https://learn.microsoft.com/en-us/windows/win32/ad/nesting-in-native-mode#:~:text=A%20domain%20local%20group,other%20domain%20or%20forest
"A domain local group can contain universal groups, global groups and accounts from any domain or forest.
A domain local group can also contain other domain local groups from the same domain that the group belongs to.
A domain local group cannot contain other domain local groups from any other domain or forest."
So, a Domain Local Group (Group4 in question) can nest:
1. other Domain Local Group from the same domain (Group3 is from the same Location: Computer1)
2. Global Security Groups (Group2)
3. Universal distribution Groups (Group1)
Any helpful comment is welcome.
This section is not available anymore. Please use the main Exam Page.MD-102 Exam Questions
Log in to ExamTopics
Sign in:
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.
Upvoting a comment with a selected answer will also increase the vote count towards that answer by one.
So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.
picho707
Highly Voted 1 year, 6 months ago93831b0
8 months agoOyYaGotta
1 year, 1 month agoTemptset
1 year, 6 months agoOyYaGotta
1 year, 1 month agovolto
Highly Voted 1 year, 8 months agopicho707
1 year, 7 months agopicho707
1 year, 6 months agoKnight_Of_Peace
Most Recent 1 month, 3 weeks agocarllaurel
2 months, 1 week agoTedEx2
4 months, 2 weeks agoPisces225
5 months, 1 week agoLionelDerBoven
7 months, 3 weeks agodnt91
7 months, 4 weeks ago93831b0
8 months, 2 weeks agoHellfireZA
8 months, 2 weeks agoCezt
8 months, 4 weeks agoJt909
9 months, 3 weeks agoCJL324
11 months, 2 weeks agoMR_Eliot
1 year, 1 month agozeos_ucok
1 year, 1 month agoflc
1 year, 1 month agoVLAG
1 year, 1 month agoMaclouis116
10 months, 2 weeks ago