Securing Windows Server 2016 — Question 106

Your network contains an Active Directory domain named contoso.com. The domain contains 10 computers that are in an organizational unit (OU) named OU1.
You deploy the Local Administrator Password Solution (LAPS) client to the computers. You link a Group Policy object (GPO) named GPO1 to OU1, and you configure the LAPS password policy settings in GPO1.
You need to ensure that the administrator passwords on the computers in OU1 are managed by using LAPS.
Which two actions should you perform? Each correct answer presents part of the solution.
NOTE: Each correct selection is worth one point.

Answer options

• A. Enable LDAP encryption on the domain controllers.
• B. Restart the computers.
• C. Modify the permissions on OU1.
• D. Restart the domain controller that hosts the PDC emulator role.
• E. Update the Active Directory Schema.

Correct answer: C, E

Explanation

The correct answers are C and E. Modifying the permissions on OU1 is necessary to allow the LAPS client to update the password attributes in Active Directory. Additionally, updating the Active Directory Schema is required to support the attributes that LAPS uses for password management. Options A, B, and D are not directly related to the implementation of LAPS for managing passwords.