Your network contains an Active Directory forest. The forest contains one domain named
contoso.com. The domain contains three domain controllers. The domain controllers are configured
as shown in the following table.
DC1 has all of the operations master roles installed.
You transfer all of the operations master roles to DC2, and then you uninstall Active Directory from
DC1.
You need to ensure that you can use Password Settings objects (PSOs) in the domain.
What should you do?
A.
Change the domain functional level.
B.
Upgrade DC2.
C.
Run the dcgpofix.exe command.
D.
Transfer the schema master role.
Explanation:
The domain functional level must be Windows Server 2008 to use PSO’s
Requirements and special considerations for fine-grained password and account lockout policies:
* Domain functional level: The domain functional level must be set to Windows Server 2008 or
higher.
Etc.
Incorrect:
Not B. DC2 is also Windows Server 2008.
Not C. Recreates the default Group Policy Objects (GPOs) for a domain
Not D. Schema isn’t up to right levelAD DS: Fine-Grained Password Policies
http://technet.microsoft.com/en-us/library/cc770394(v=wsHYPERLINK
“http://technet.microsoft.com/en-us/library/cc770394(v=ws.10).aspx#_blank”.10).aspx
Joe says:
July 16, 2015 at 4:10 pm
Once you have removed the 2003 DC you can upgrade the domain functional level to 2008 to enable PSO’s
0
0
This question is a present…
1
0
Q96: You need to ensure that you can use Password Settings objects (PSOs) in the domain.
The answer is:
B. Change the domain functional level.
Why? Because after reading this https://technet.microsoft.com/en-us/library/cc770394(v=ws.10).aspx, it states that, “The domain functional level must be Windows Server 2008”.
So, it doesn’t matter if you uninstall Active Directory from DC1, you would still be required to change the domain functional level to 2008.
The three domain controllers are on the same domain, “Adatum.com”. You do not need to migrate the active directory because it synchronized across all three domain controllers in advanced. To utilize PSO, you will need to have the DFL set to 2008. Then you can uninstall active directory and decommission the 2003 server or use it for a file server, printer server, or whatever.
I know what some of you are thinking… “If a windows 2003 domain server is on my domain, can I raise the DFL to 2008?” The answer is yes, you can. See here: https://technet.microsoft.com/en-us/library/understanding-active-directory-functional-levels(v=ws.10).aspx. Under, “Features that are available at the domain functional levels”.
So you see, the question is not about Active Directory, it’s about the requirements for PSO.
0
0