Your network contains an Active Directory forest named contoso.com.
You need to identify whether a fine-grained password policy is applied to a specific group.
Which tool should you use?

A.
Credential Manager

B.
Group Policy Management Editor

C.
Active Directory Users and Computers

D.
Active Directory Sites and Services

Explanation:
Use Active Directory Users and Computers to determine the value of the msDS-PSOApplied
attribute of the specific group:
1. Open the Properties windows for the group in Active Directory Users and Computers
2. Click the Attribute Editor tab, and then click Filter
3. Ensure that the Show attributes/Optional check box is selected.
4. Ensure that the Show read-only attributes/Backlinks check box is selected.
5. Locate the value of msDS-PSOApplied in the Attributes list.

http://technet.microsoft.com/en-us/library/cc754544.aspx
Defining the scope of fine-grained password policies
A PSO can be linked to a user (or inetOrgPerson) or a group object that is in the same
domain as the PSO: (…)
A new attribute named msDS-PSOApplied has been added to the user and group objects in
Windows Server 2008. The msDS-PSOApplied attribute contains a back-link to the PSO.
Because the msDSPSOApplied attribute has a back-link, a user or group can have multiple
PSOs applied to it.
As stated previously, in Windows Server 2008, a user or group can have multiple PSOs
applied to it since the msDS-PSOApplied attribute of the user and group objects has a backlink to the PSO.