https://learn.microsoft.com/en-us/windows-server/identity/ad-ds/plan/delegating-administration-by-using-ou-objects
You can use organizational units (OUs) to delegate the administration of objects, such as users or computers, within the OU to a designated individual or group
"principle of least privilege" so answer is D
Create a delegation on OU3 would be the best option to meet the requirement for User1 to manage the membership of all the groups in Contoso\OU3 while following the principle of least privilege. Delegation allows you to assign specific administrative tasks to users or groups without granting them full control over the object.
In order to change a "group member", you need to have permissions to change "member of" of affected user or group. So delegation to OU of groups is not enough. B should be correct.
When you delegate to an OU you can be extremly granular, so D) is correct.
C) Account Operators also has an interesting side effect, it allows Local Login on Domain Controllers. Great for least privilege!
upvoted 3 times
...
This section is not available anymore. Please use the main Exam Page.AZ-800 Exam Questions
Log in to ExamTopics
Sign in:
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.
Upvoting a comment with a selected answer will also increase the vote count towards that answer by one.
So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.
prepper666
Highly Voted 1 year, 5 months agoGoforIT21
1 year, 4 months agosyu31svc
Most Recent 7 months, 1 week agoempee1977
9 months, 1 week agojohosofat
1 year agoJawad1462
1 year agoxrisimix
1 year, 1 month agoWMG
1 year, 3 months ago