Home » Microsoft » 70-640 » What should you do?
Your network consists of a single Active Directory domain.
All domain controllers run Windows Server 2003.
You upgrade all domain controllers to Windows Server 2008.
You need to configure the Active Directory environment to support the application of multiple password policies.
What should you do?
A. Raise the functional level of the domain to Windows Server 2008.
B. On one domain controller, run dcpromo /adv.
C. Create multiple Active Directory sites.
D. On all domain controllers, run dcpromo /adv.
Correct Answer: A
Explanation/Reference:
http://technet.microsoft.com/en-us/library/cc770842%28v=ws.10%29.aspx
AD DS Fine-Grained Password and Account Lockout Policy Step-by-Step Guide
This step-by-step guide provides instructions for configuring and applying fine-grained password and account lockout policies for different sets of users in Windows Server® 2008 domains.
In Microsoft® Windows® 2000 and Windows Server 2003 Active Directory domains, you could apply only one password and account lockout policy, which is specified in the domain’s Default Domain Policy, to all users in the domain. As a result, if you wanted different password and account lockout settings for different sets of users, you had to either create a password filter or deploy multiple domains. Both options were costly for different reasons.
In Windows Server 2008, you can use fine-grained password policies to specify multiple password policies and apply different password restrictions and account lockout policies to different sets of users within a single domain.
Requirements and special considerations for fine-grained password and account lockout policies
. Domain functional level: The domain functional level must be set to Windows Server 2008 or higher.
. etc…