Exam 70-413 topic 1 question 47 discussion

Actual exam question from Microsoft's 70-413
Question #: 47
Topic #: 1

You are designing an Active Directory forest for a company named Contoso, Ltd. Contoso identifies the following administration requirements for the design:
✑ User account administration and Group Policy administration will be performed by network technicians. The technicians will be added to a group named OUAdmins.
✑ IT staff who are responsible for backing up servers will have user accounts that are members of the Backup Operators group in the domain.
✑ All user accounts will be located in an organizational unit (OU) named AllEmployees.
You run the Delegation of Control Wizard and assign the OUAdmins group full control to all of the objects in the AllEmployees OU.
After delegating the required permissions, you discover that the user accounts of some of the IT staff have inconsistent permissions on the objects in AllEmployees.
You need to recommend a solution to ensure that the members of OUAdmins can manage all of the objects in AllEmployees.
What should you include in the recommendation?

  • A. Remove the IT staff user accounts from Backup Operators and place them in a new group. Grant the new group the Backup files and directories user right and the Restore files and directories user right. Enforce permission inheritance on all of the objects in the AllEmployees OU.
  • B. Create separate administrator user accounts for the technicians. Enforce permission inheritance on all of the objects in the AllEmployees OU. Delegate permissions to the new user accounts.
  • C. Enforce permission inheritance on all of the objects in the AllEmployees OU. Run the Delegation of Control Wizard.
  • D. Move the user accounts of the technicians to a separate OU. Enforce permission inheritance on all of the objects in the AllEmployees OU. Run the Delegation of Control Wizard on the AllEmployees OU.
Suggested Answer: A
The users will still have their backup rights, and when the delegated permissions are reapplied to the OU, AdminSDHolder will no longer find the accounts as members of the protected Backup Operators group and will do nothing, thus leaving the accounts with the limited delegated rights required.
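
The state this explanation depends on can be audited read-only before any change is made. The PowerShell below is an added example, not part of the original question or its answer; it assumes the ActiveDirectory (RSAT) module is installed and uses `OU=AllEmployees,DC=contoso,DC=com` as a placeholder distinguished name.

```powershell
# Added example (not from the exam page). Read-only audit; changes nothing.
Import-Module ActiveDirectory

# Assumption: placeholder DN for the AllEmployees OU in the Contoso domain.
$SearchBase = 'OU=AllEmployees,DC=contoso,DC=com'

# Resolve Backup Operators by its well-known SID (S-1-5-32-551) so the
# lookup does not depend on a localized or renamed group.
$backupOps = Get-ADGroup -Identity 'S-1-5-32-551'

# Users in the OU that are direct or nested members of Backup Operators
# (1.2.840.113556.1.4.1941 = LDAP_MATCHING_RULE_IN_CHAIN).
$inChain = "(memberOf:1.2.840.113556.1.4.1941:=$($backupOps.DistinguishedName))"
$currentMembers = @(
    Get-ADUser -SearchBase $SearchBase -LDAPFilter $inChain |
        Select-Object -ExpandProperty DistinguishedName
)

# adminCount = 1 marks an account that SDProp has stamped with the
# AdminSDHolder ACL; AreAccessRulesProtected = True means inheritance is
# disabled, so the OU-level delegation to OUAdmins never reaches the object.
Get-ADUser -SearchBase $SearchBase -Filter * -Properties adminCount, nTSecurityDescriptor |
    ForEach-Object {
        [pscustomobject]@{
            SamAccountName      = $_.SamAccountName
            AdminCount          = $_.adminCount
            InheritanceDisabled = $_.nTSecurityDescriptor.AreAccessRulesProtected
            InBackupOperators   = $currentMembers -contains $_.DistinguishedName
        }
    } |
    Where-Object { $_.AdminCount -eq 1 -or $_.InheritanceDisabled } |
    Sort-Object SamAccountName |
    Format-Table -AutoSize

# Reading the output:
#   InBackupOperators = True  -> SDProp will overwrite the ACL again on its
#                                next run; re-delegating alone will not stick.
#   InBackupOperators = False -> either a leftover (adminCount and the
#                                inheritance flag are not cleared automatically
#                                when an account leaves a protected group) or
#                                membership in another protected group.
```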

Comments

spam
5 years, 3 months ago
Maybe I'm not thinking straight on this one, but if the IT Staff are members of the Backup Operators group, and that group is protected by AdminSDHolder (and SDPROP to be precise), but you wish to give them Delegated Rights on an OU for User and GPO administration only, then using answer B as the solution will give them elevated privileges. If you use answer A, the users will still have their backup rights, and when the delegated permissions are reapplied to the OU, AdminSDHolder will not find the accounts as members of the protected Backup Operators group any longer and will do nothing, thus leaving the accounts with the limited delegated rights required. IMO the answer is A.
upvoted 2 times
NotBillGates
4 years, 12 months ago
Yep, I make you right after reading up on AdminSDHolder!
upvoted 1 times
NotBillGates
5 years, 4 months ago
This should be C from what I can tell. The issue is that the OU admins group that you've granted access to the OU "All Employees" is finding that some of the sub objects haven't received ACL granting them access to manage. So, if you force inheritance on the OU and delegate permissions again, this should correct. Not sure why the backup operators role has come into this.
upvoted 1 times
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted