ExamTopics Logo
Mail Us[email protected]
Menu
Microsoft Discussions
exam questions

Exam 70-413 All Questions

View all questions & answers for the 70-413 exam
Go to Exam

Exam 70-413 topic 1 question 48 discussion

Actual exam question from Microsoft's 70-413
Question #: 48
Topic #: 1
[All 70-413 Questions]

Your network contains an Active Directory forest named contoso.com. The forest contains one domain.
Your company plans to open a new division named Division1. A group named Division1Admins will administer users and groups for Division1.
You identify the following requirements for Division1:
✑ All Division1 users must have a complex password that is 14 characters.
✑ Division1Admins must be able to manage the user accounts for Division1.
✑ Division1Admins must be able to create groups, and then delete the groups that they create.
✑ Division1Admins must be able to reset user passwords and force a password change at the next logon for all Division1 users.
You need to recommend changes to the forest to support the Division1 requirements.
What should you recommend?
More than one answer choice may achieve the goal. Select the BEST answer.

  • A. In the forest, create a new organizational unit (OU) named Division1 and delegate permissions for the OU to the Division1Admins group. Move all of the Division1 user accounts to the new OU. Create a fine-grained password policy for the Division1 users.
  • B. Create a new child domain named division1.contoso.com. Move all of the Division1 user accounts to the new domain. Add the Division1Admin members to the Domain Admins group. Configure the password policy in a Group Policy object (GPO).
  • C. Create a new forest. Migrate all of the Division1 user objects to the new forest and add the Division1Admins members to the Enterprise Admins group. Configure the password policy in a Group Policy object (GPO).
  • D. In the forest, create a new organizational unit (OU) named Division1 and add Division1Admins to the Managed By attribute of the new OU. Move the Division1 user objects to the new OU. Create a fine-grained password policy for the Division1 users.
Show Suggested Answer Hide Answer
Suggested Answer: A 🗳️
by spam at Feb. 10, 2020, 8 a.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
rcgonzal
4 years, 7 months ago
Although the A is the best response por the least work to complish, it is not the best option, the best is the option B, because is the standar way to create a organization individual administration, the Fine Grain Policies are used for exeptional situations when we need assign some password policies to "some administrative accounts", is bad practice using FGP like standard practice for manage password policies for "some users".
upvoted 1 times
...
spam
5 years, 4 months ago
By adding Division Admins to the Managed By attribute ; they would be able to manage GPOs on this OU. That was not asked. So answer A is right answer.
upvoted 3 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel