Your network contains an Active Directory forest named contoso.com.
You need to identify whether a fine-grained password policy is applied to a specific group.
Which tool should you use?

A.
Active Directory Sites and Services

B.
Authorization Manager

C.
Local Security Policy

D.
ADSI Edit

Explanation:
Use ADSI Edit to determine the value of the msDS-PSOApplied attribute of the specific
group:
1. Open the Properties windows for the group in ADSI Edit
2. On the Attribute Editor tab click Filter
3. Ensure that the Show attributes/Optional check box is selected.
4. Ensure that the Show read-only attributes/Backlinks check box is selected.
5. Locate the value of msDS-PSOApplied in the Attributes list.

http://technet.microsoft.com/en-us/library/cc754544.aspx
Defining the scope of fine-grained password policies
A PSO can be linked to a user (or inetOrgPerson) or a group object that is in the same
domain as the PSO: (…)
A new attribute named msDS-PSOApplied has been added to the user and group objects in
Windows Server 2008. The msDS-PSOApplied attribute contains a back-link to the PSO.
Because the msDSPSOApplied attribute has a back-link, a user or group can have multiple
PSOs applied to it.
As stated previously, in Windows Server 2008, a user or group can have multiple PSOs
applied to it since the msDS-PSOApplied attribute of the user and group objects has a backlink to the PSO.