READ Free Dumps For Microsoft- 70-411
| Question ID 13923 | Your network contains an Active Directory forest named contoso.com. The forest contains
a single domain. All domain controllers run Windows Server 2012 R2.
The domain contains two domain controllers. The domain controllers are configured as
shown in the following table.
Active Directory Recycle Bin is enabled.
You discover that a support technician accidentally removed 100 users from an Active
Directory group named Group1 an hour ago.
You need to restore the membership of Group1.
What should you do?
|
| Option A | Recover the items by using Active Directory Recycle Bin.
|
| Option B | Modify the Recycled attribute of Group1.
|
| Option C | Perform tombstone reanimation.
|
| Option D | Perform an authoritative restore.
|
| Option E | Perform a non- authoritative restore.
|
| Correct Answer | A |
Explanation Explanation: Active Directory Recycle Bin helps minimize directory service downtime by enhancing your ability to preserve and restore accidentally deleted Active Directory objects without restoring Active Directory data from backups, restarting Active Directory Domain Services (AD DS), or rebooting domain controllers. When you enable Active Directory Recycle Bin, all link-valued and non-link-valued attributes of the deleted Active Directory objects are preserved and the objects are restored in their entirety to the same consistent logical state that they were in immediately before deletion. For example, restored user accounts automatically regain all group memberships and corresponding access rights that they had immediately before deletion, within and across domains.
| Question ID 13924 | Your network contains an Active Directory domain named contoso.com. All domain
controllers run either Windows Server 2008 or Windows Server 2008 R2.
You deploy a new domain controller named DC1 that runs Windows Server 2012 R2.
You log on to DC1 by using an account that is a member of the Domain Admins group.
You discover that you cannot create Password Settings objects (PSOs) by using Active
Directory Administrative Center.
You need to ensure that you can create PSOs from Active Directory Administrative Center.
What should you do?
|
| Option A | Modify the membership of the Group Policy Creator Owners group.
|
| Option B | Transfer the PDC emulator operations master role to DC1.
|
| Option C | Upgrade all of the domain controllers that run Window Server 2008.
|
| Option D | Raise the functional level of the domain.
|
| Correct Answer | D |
Explanation Explanation: Fine-grained password policies allow you to specify multiple password policies within a single domain so that you can apply different restrictions for password and account lockout policies to different sets of users in a domain. To use a fine-grained password policy, your domain functional level must be at least Windows Server 2008. To enable fine-grained password policies, you first create a Password Settings Object (PSO). You then configure the same settings that you configure for the password and account lockout policies. You can create and apply PSOs in the Windows Server 2012 environment by using the Active Directory Administrative Center (ADAC) or Windows PowerShell. Step 1: Create a PSO Applies To: Windows Server 2008, Windows Server 2008 R2 Reference: http: //technet. microsoft. com/en-us//library/cc754461%28v=ws. 10%29. aspx