Identity with Windows Server 2016 — Question 116

Your network contains an Active Directory domain named adatum.com. The domain contains a security group named G_Research and an organizational unit
(OU) named OU_Research.
All the users in the research department are members of G_Research and their user accounts are in OU_Research.
You need to ensure that all the research department users change their password every 28 days and enforce a complex password that is 12 characters long.
What should you do?

Answer options

• A. From Group Policy Management, create and link a Group Policy object (GPO) to OU_Research. Modify the password policy in the GPO.
• B. From Group Policy Management, create and link a Group Policy object (GPO) to the domain. Modify the password policy in the GPO. Filter the GPO to apply to G_Research only.
• C. From Active Directory Users and Computers, modify the properties of the Password Settings Container.
• D. From Active Directory Administrative Center, create a new Password Settings object (PSO).

Correct answer: D

Explanation

The correct answer is D because creating a new Password Settings object (PSO) allows you to specify password policies that can be applied to specific groups, such as G_Research. Option A and B are incorrect because they deal with GPOs, which apply to broader scopes and do not allow for the granularity needed for individual group policies. Option C is also incorrect as modifying the Password Settings Container does not achieve the requirement of applying specific policies to the G_Research group.