Exam AZ-800 topic 1 question 64 discussion

Actual exam question from Microsoft's AZ-800
Question #: 64
Topic #: 1

You have a Microsoft Entra Domain Services domain named contoso.com.

You need to provide an administrator with the ability to manage Group Policy Objects (GPOs). The solution must use the principle of least privilege.

To which group should you add the administrator?

  • A. AAD DC Administrators
  • B. Domain Admins
  • C. Schema Admins
  • D. Enterprise Admins
  • E. Group Policy Creator Owners
Suggested Answer: A

Comments

AnonChen
3 weeks, 6 days ago
Selected Answer: A
Co-Pilot: AAD DC Administrators. This group is specific to Microsoft Entra Domain Services. Members of this group have administrative privileges in the managed domain, including the ability to:
  • Create and manage GPOs
  • Administer domain-joined machines
  • Manage users and groups within the domain
This group is the least privileged group that still allows full GPO management in Entra Domain Services.
E. Group Policy Creator Owners: Allows users to create new GPOs, but not manage existing ones. Also, in Entra Domain Services, this group is not typically used or exposed.
upvoted 1 times
SunRise
6 months ago
Selected Answer: A
Please do your research to see if my analysis is right: the question is talking about Entra DS, not on-prem, so if I am not mistaken there is no group such as GP Creator Owner there, so the answer should be A.
upvoted 2 times
Krayzr
6 months, 2 weeks ago
Selected Answer: A
AAD AD Admins
upvoted 3 times
VirtuaTech
6 months, 3 weeks ago
Selected Answer: E
Group Policy Creator Owners = Just the right access to just manage GPOs
upvoted 2 times
Ksk08
8 months, 2 weeks ago
Answer is E
upvoted 2 times
Abdullah993
8 months ago
Answer is A
upvoted 5 times
Ksk08
7 months, 1 week ago
Imagine a building with many rooms:
  • Domain Admins = Access to everything (too much)
  • Enterprise Admins = Access to multiple buildings (way too much)
  • Schema Admins = Access to building blueprints (wrong type of access)
  • AAD DC Administrators = Access to different areas (not specific enough)
  • Group Policy Creator Owners = Just the right access to just manage GPOs
upvoted 1 times
FERNFHIT
6 months, 3 weeks ago
Wrong. The Group Policy Creator Owners group lets its members create new GPOs. However, those members can only edit or delete GPOs that they have created. The Group Policy Creator Owners group also has no permission to link GPOs to a container such as a domain or OU... therefore members of that group cannot sufficiently manage group policies.
upvoted 3 times
Community vote distribution
A (35%)
C (25%)
B (20%)
Other