You have a group Managed Service Account named Service01. Three servers named Server01,
Server02, and Server03 currently use the Service01 service account.
You plan to decommission Server01.
You need to remove the cached password of the Service01 service account from Server01. The
solution must ensure that Server02 and Server03 continue to use Service01.
Which cmdlet should you run?
A.
Set-ADServiceAccount
B.
Reset-ADServiceAccountPassword
C.
Remove-ADServiceAccount
D.
Uninstall-ADServiceAccount
Explanation:
We reset the password for the service.
The Reset-ADServiceAccountPassword cmdlet resets the service account password for the local
computer.This cmdlet needs to be run on the computer where the service account is installed.
Incorrect:
Not A: The Set-ADServiceAccount cmdlet cannot modify the password of the service. Reset-ADServiceAccountPassword
https://technet.microsoft.com/en-us/library/ee617201.aspx
Wrong, should be C:
he Remove-ADServiceAccount cmdlet removes an Active Directory service account. This cmdlet does not make changes to any computers that use the service account. After this operation, the service account is no longer hosted on the target computer but still exists in the directory.
https://technet.microsoft.com/en-us/library/ee617190.aspx
1
0
Agree
0
0
Given answer is correct.
The question is “remove the cached password of the Service01 service account from Server01”.
You don’t want to remove the service account from the computer, you want to clear the value of the password cache. So, just reset the password localy.
Reset-ADServiceAccountPassword
0
0
As question askes we need to remove the cached password of the Service01 service account from Server01 NOT to remove the service account. So correct answer is Reset-ADServiceAccountPassword
Reset-ADServiceAccountPassword https://technet.microsoft.com/en-us/library/ee617201.aspx
Incorrect Remove-ADServiceAccount https://technet.microsoft.com/en-us/library/ee617190.aspx
0
0
With gMSA’s the account isn’t actually on the server, it’s on the Domain Controller. As such, if you could use Reset-ADServiceAccountPassword, it would just change the password on the DC and the server would retrieve and cache the new password.
So my vote goes to Uninstall-ADServiceAccount, which removes the association between the gMSA and the host and forces it to dump the cached credentials.
See:
https://technet.microsoft.com/en-us/library/jj128431%28v=ws.11%29.aspx
Under ‘Decommisioning member hosts’, step 2
Technically, you’d have to do Set-ADServiceAccount first.
1
0
Skip this, it’s a 411 question. Answer is D btw, check the comments on 411 versions.
0
0
Give us a link Ricky. When did you pass the 411?
0
0
Ricky the balboa is right, it’s 411 question. Emmitt Smith check the 411 questions out on this website.
0
0
ExamRef 70-411 states (p 270):
“You can remove an MSA from a computer by using Windows PowerShell … by using the Uninstall-ADServiceAccount cmdlet on the local computer where it was installed. [then follows how to completely remove the account which was definitely not asked]: (Then remove the assignment to the computer by using the Remove-ADComputerServiceAccount cmdlet. This process leaves the MSA in place in Active Directory but not assigned to a specific computer, allowing you to reuse the account on another computer. To remove the MSA entirely from Active Directory, use the Remove-ADServiceAccount cmdlet.)”
0
0
70-411 Question. Disregard.
Answer is D FYI.
0
0