Identity with Windows Server 2016 — Question 161
Your network contains an Active Directory forest named contoso.com.
Your company plans to hire 500 temporary employees for a project that will last 90 days.
You create a new user account for each employee. An organizational unit (OU) named Temp contains the user accounts for the employees.
You need to prevent the new users from accessing any of the resources in the domain after 90 days.
What should you do?
Answer options
- A. Run the Get-ADOrganizationalUnit cmdlet and pipe the output to the Set-Date cmdlet.
- B. Run the Get-ADOrganizationalUnit cmdlet and pipe the output to the Set-ADAccountPassword cmdlet.
- C. Run the Get-ADUser cmdlet and pipe the output to the Set-ADAccountExpiration cmdlet.
- D. Create a Group Policy object (GPO) and link the GPO to the Temp OU. Modify the Account Lockout Policy of the GPO.
Correct answer: C
Explanation
The correct answer is C: the Set-ADAccountExpiration cmdlet sets an expiration date on the user accounts, which effectively prevents access after 90 days. Options A and B do not address user account expiration, and option D modifies account lockout policy, which does not limit access based on time.
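The pipeline from answer C, written out as an added example (not part of the original question): it sets the expiration on every account in the Temp OU and then checks that none was missed. The OU's distinguished name and counting the 90 days from the day the script runs are assumptions.

```powershell
# Requires the ActiveDirectory module (RSAT) and rights to modify users in the OU.
Import-Module ActiveDirectory

# Assumption: the Temp OU sits directly under the root of contoso.com.
$tempOu  = 'OU=Temp,DC=contoso,DC=com'
# Assumption: the 90 days are counted from the day this script is run.
$expires = (Get-Date).Date.AddDays(90)

# Scope the query to the OU so no account outside Temp is touched.
$users = @(Get-ADUser -Filter * -SearchBase $tempOu -SearchScope Subtree)
Write-Host "Found $($users.Count) user accounts under $tempOu"

# Dry run: lists what would change without writing to the directory.
$users | Set-ADAccountExpiration -DateTime $expires -WhatIf

# Apply the expiration date to every account returned above.
$users | Set-ADAccountExpiration -DateTime $expires

# Verify: report any account in the OU that has no expiration date,
# or one later than intended (for example, an account added afterwards).
$unexpired = @(
    Get-ADUser -Filter * -SearchBase $tempOu -Properties AccountExpirationDate |
        Where-Object {
            -not $_.AccountExpirationDate -or
            $_.AccountExpirationDate -gt $expires
        }
)

if ($unexpired.Count -gt 0) {
    Write-Warning "$($unexpired.Count) accounts are not set to expire by $expires"
    $unexpired | Select-Object SamAccountName, AccountExpirationDate
} else {
    Write-Host "All accounts under $tempOu expire on or before $expires"
}
```

Accounts created in the OU after the script runs do not inherit an expiration date, so the verification step is worth rerunning whenever the OU's membership changes.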