PrepAway - Latest Free Exam Questions & Answers

Which toolshould you use to create these accounts?

Your network contains an Active Directory forestnamed contoso.com.
The password policyof the forest requires that the passwords for all of the user accounts be changed
every 30 days.
You need to create user accounts that will be used by services.
The passwords for these accounts must be changed automatically every 30 days.
Which toolshould you use to create these accounts?
To answer, select the appropriate tool in the answer area.

PrepAway - Latest Free Exam Questions & Answers

Answer:

Explanation:

Use the New-ADServiceAccount cmdlet in PowerShell to create the new accounts as managed service
accounts. Managed service accounts offer Automatic passwordmanagement, making password management
easier.
Reference 1:
http://technet.microsoft.com/en-us/library/dd367859.aspx
What are the benefits of new service accounts?
In addition to the enhanced security that is provided by having individual accounts for critical services, there are
four important administrative benefits associated with managed service accounts:
(…)
Unlike with regular domain accounts in which administrators must reset passwords manually, the network
passwords for these accounts will be reset automatically.
(…)
Reference 2:
http://technet.microsoft.com/en-us/library/dd391964.aspx
Use the Active Directory module for Windows PowerShellto create a managed service account.
Reference 3:
http://technet.microsoft.com/en-us/library/dd548356.aspx
To create a new managed service account
1. On the domain controller, click Start, and then click Run. In the Open box, type dsa.msc, and then click OK
to open the Active Directory Users and Computers snap-in. Confirm that the Managed Service Account
container exists.
2. Click Start, click All Programs, click Windows PowerShell 2.0, and then click the Windows PowerShell
icon.
3. Run the following command: New-ADServiceAccount[-SAMAccountName <String>] [-Path <String>].
Reference 4:
http://technet.microsoft.com/en-us/library/hh852236.aspx
Use the -ManagedPasswordIntervalInDaysparameter with New-ADServiceAccount to specify the
number of days for the password change interval.
-ManagedPasswordIntervalInDays<Int32>
Specifies the number of days for the password change interval. If set to 0 then the default is used. This can only
be set on object creation. After that the setting is read only. This value returns the msDSManagedPasswordInterval of the group managed service account object.
The following example shows how to specify a 90 daypassword changes interval:
-ManagedPasswordIntervalInDays 90


Leave a Reply