ExamTopics Logo
Mail Us[email protected]
Menu
Microsoft Discussions
exam questions

Exam 70-412 All Questions

View all questions & answers for the 70-412 exam
Go to Exam

Exam 70-412 topic 2 question 38 discussion

Actual exam question from Microsoft's 70-412
Question #: 38
Topic #: 2
[All 70-412 Questions]

Your network contains an Active Directory forest. The forest contains one domain named adatum.com. The domain contains four domain controllers. The domain controllers are configured as shown in the following table.

DC2 has all of the domain-wide operations master roles. DC3 has all of the forest-wide operation master roles.
You need to ensure that you can use Password Settings objects (PSOs) in the domain.
What should you do first?

  • A. Uninstall Active Directory from DC1.
  • B. Change the domain functional level.
  • C. Transfer the domain-wide operations master roles.
  • D. Transfer the forest-wide operations master roles.
Show Suggested Answer Hide Answer
Suggested Answer: A 🗳️
In Windows Server 2008 and later, you can use fine-grained password policies to specify multiple password policies and apply different password restrictions and account lockout policies to different sets of users within a single domain.
Note: In Microsoft Windows 2000 and Windows Server 2003 Active Directory domains, you could apply only one password and account lockout policy, which is specified in the domain's Default Domain Policy, to all users in the domain. As a result, if you wanted different password and account lockout settings for different sets of users, you had to either create a password filter or deploy multiple domains. Both options were costly for different reasons.
Reference: AD DS Fine-Grained Password and Account Lockout Policy Step-by-Step Guide
by wazmac at March 25, 2020, 5:53 a.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
nikogovic
5 years, 1 month ago
The question states "What should you do first?". First you uninstall Active Directory from DC1, then you change domain functional level. So provided answer is correct (A).
upvoted 4 times
...
wazmac
5 years, 2 months ago
The answer should be B, because to use PSO's The domain functional level must be at least Windows Server 2008.
upvoted 3 times
Sweemz
5 years, 1 month ago
Wrong/contradicting answer. Correct answer is A as PSO is a 2008 feature. You need the domain function level at minimum 2008 thus you would 1st remove the 2003 Domain Controller running ADDS and then raise the domain function level to 2008.
upvoted 2 times
wazmac
5 years ago
I stand corrected, that makes more sense, thanks Sweemz & nikogovic. :)
upvoted 2 times
...
...
Sharma
4 years, 9 months ago
wazmac is absolutely correct, please visit this link for confirmation https://www.tech-coffee.net/fine-grained-password-policy-active-directory/
upvoted 1 times
...
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel