Home » Microsoft » 70-640 » Which tool should you use?
Your network contains an Active Directory forest named contoso.com.
You need to identify whether a fine-grained password policy is applied to a specific group.
Which tool should you use?
A. Credential Manager
B. Group Policy Management Editor
C. Active Directory Users and Computers
D. Active Directory Sites and Services
Correct Answer: C
Explanation/Reference:
Practically the same question as K/Q7, different set of answers.
Use Active Directory Users and Computers to determine the value of the msDS-PSOApplied attribute of the specific group:
1. Open the Properties windows for the group in Active Directory Users and Computers
2. Click the Attribute Editor tab, and then click Filter
3. Ensure that the Show attributes/Optional check box is selected.
4. Ensure that the Show read-only attributes/Backlinks check box is selected.
5. Locate the value of msDS-PSOApplied in the Attributes list.
Reference:
http://technet.microsoft.com/en-us/library/cc754544.aspx
Defining the scope of fine-grained password policies
A PSO can be linked to a user (or inetOrgPerson) or a group object that is in the same domain as the PSO:
(…)
A new attribute named msDS-PSOApplied has been added to the user and group objects in Windows Server 2008. The msDS-PSOApplied attribute contains a back-link to the PSO. Because the msDS- PSOApplied attribute has a back-link, a user or group can have multiple PSOs applied to it.
As stated previously, in Windows Server 2008, a user or group can have multiple PSOs applied to it since the msDS-PSOApplied attribute of the user and group objects has a back-link to the PSO.
