PrepAway - Latest Free Exam Questions & Answers

Which toolshould you use?

Your network contains an Active Directory forestnamed contoso.com.
You need to identify whether a fine-grained password policy is applied to a specific group.
Which toolshould you use?

PrepAway - Latest Free Exam Questions & Answers

A.
Active Directory Sites and Services

B.
Authorization Manager

C.
Local Security Policy

D.
ADSI Edit

Explanation:
Practically the same question as J/Q16, different set of answers.
Use ADSI Editto determine the value of the msDS-PSOAppliedattribute of the specific group:
1. Open the Properties windows for the group in ADSI Edit
2. On the Attribute Editor tab click Filter
3. Ensure that the Show attributes/Optional check box is selected.
4. Ensure that the Show read-only attributes/Backlinks check box is selected.
5. Locate the value of msDS-PSOAppliedin the Attributes list.
Reference:
http://technet.microsoft.com/en-us/library/cc754544.aspx
Defining the scope of fine-grained password policies
A PSO can be linked to a user (or inetOrgPerson) ora group object that is in the same domain as the PSO:
(…)
A new attribute named msDS-PSOAppliedhas been added to the user and group objects in Windows
Server 2008. The msDS-PSOApplied attribute containsa back-link to the PSO. Because the msDSPSOApplied attribute has a back-link, a user or group can have multiple PSOs applied to it.
As stated previously, in Windows Server 2008, a user or group can have multiple PSOs applied to it since the
msDS-PSOApplied attribute of the user and group objects has a back-link to the PSO.


Leave a Reply