Ruscorp's 218 Question Sept-12-2002
| Deja-vue 2002-09-12, 9:55 am |
| Ok, buddy.
I hope this one brings you to your knees!
You are the administrator of your company's Active Directory domain. Your company recently expanded from a single office in Dublin and now has two branch offices; one in LA and one in Seattle. All user accounts for the entire company are currently in the Users container in the Active Directory.
You create an Active Directory group for each of the three offices. The network administrator user account for each office is a member of his/her respective Active Directory group. Network Administrators should only be able to configure user accounts for their respective offices.
What should you do so that each administrator group can only administer the user accounts in his/her respective offices?
A. Run the Delegation of Control Wizard at the domain level. Delegate Full Control permissions to all three of the administrator groups, for all child objects.
B. Create a new Organizational Unit (OU) for all user accounts. Move the user accounts into the new OU. Place all three of the administrator groups into the new OU.
C. Create a new Organizational Unit (OU) for each of the three offices. Place each of the three administrator's groups into its respective OU. Run the Delegation of Control Wizard on each OU and delegate the Create, delete and manage user accounts task to the respective administrator group.
D. Create an organizational unit for each of the three offices. Move the user accounts to the appropriate OU. Run the Delegation of Control Wizard on each OU and delegate the Create, delete, and manage user accounts task to the respective administrator group.
See ya in a couple of Days with the Answer! | |
| CyberDude 2002-09-12, 12:42 pm |
| I will say D, as long as the actual admin users and group for each OU are moved to their respective OUs as well. | |
| CyberDude 2002-09-12, 12:44 pm |
| Hi Deja, what is your new business then? Do you want a new employee?  | |
| ruscorp 2002-09-12, 12:57 pm |
| either C or D. not sure. | |
| CyberDude 2002-09-12, 1:00 pm |
| Ruscorp,
doing C would not let the OU admins manage their users as they are still in the users container.  | |
| ruscorp 2002-09-12, 1:03 pm |
| I know this question definitely has something to do with the Delegation of Control Wizard, so I canceled out 'B' quick. 'A' doesn't seem logical, so that's gone. That leaves 'C' and 'D'. I know they also will need the create, delete and manage rights, so that is what confuses me. | |
| CyberDude 2002-09-12, 1:09 pm |
| If you want to control a department, create an OU. Next, move all computers, users, groups and other objects you want to control into the OU. You then use the delegation of control wizard, or assign certain rights, to the controlling group or user.  | |
| ruscorp 2002-09-12, 1:13 pm |
| As you can see I have a lot of studying to do!  | |
| CyberDude 2002-09-12, 1:14 pm |
| Me too. I am studying 216 and 217 for this one.  | |
| NetChild1985 2002-09-12, 1:48 pm |
| The correct answer is 100% "D"! I had a similar question on my 70-218 exam.  | |
|
| I would say C for the answer
"place admin group in respective OUs".
Cyber, elaborate why D gets the nod. | |
| Shiryu 2002-09-12, 9:39 pm |
| agree D. | |
| CyberDude 2002-09-13, 11:01 pm |
| If you want to control a department, create an OU. Next, move all computers, users, groups and other objects you want to control into the OU. You then use the delegation of control wizard, or assign certain rights, to the controlling group or user.
As C only moves the admin group to the OU and delegates control to it, the only thing that will be managed is that group. The users in that group will not be managed because they are not in the OU, plus the users and computers that are to be managed will not be for the same reason. In this case, all users will be managed by the domain GPO.
Try it for yourself. Create an OU and only place a group there and not its members. Then link a GPO to the OU. Refresh the policy. Log on as one of the users of this group, and you will find that there are no settings configured for this user by the OU GPO.
 | |
| Deja-vue 2002-09-16, 9:14 am |
| quote: Originally posted by Deja-vue
Ok, buddy.
I hope this one brings you to your knees!
You are the administrator of your company's Active Directory domain. Your company recently expanded from a single office in Dublin and now has two branch offices; one in LA and one in Seattle. All user accounts for the entire company are currently in the Users container in the Active Directory.
You create an Active Directory group for each of the three offices. The network administrator user account for each office is a member of his/her respective Active Directory group. Network Administrators should only be able to configure user accounts for their respective offices.
What should you do so that each administrator group can only administer the user accounts in his/her respective offices?
A. Run the Delegation of Control Wizard at the domain level. Delegate Full Control permissions to all three of the administrator groups, for all child objects.
B. Create a new Organizational Unit (OU) for all user accounts. Move the user accounts into the new OU. Place all three of the administrator groups into the new OU.
C. Create a new Organizational Unit (OU) for each of the three offices. Place each of the three administrator's groups into its respective OU. Run the Delegation of Control Wizard on each OU and delegate the Create, delete and manage user accounts task to the respective administrator group.
D. Create an organizational unit for each of the three offices. Move the user accounts to the appropriate OU. Run the Delegation of Control Wizard on each OU and delegate the Create, delete, and manage user accounts task to the respective administrator group.
See ya in a couple of Days with the Answer!
That was a good one, wasn't it?
Here is the Explanation:
I hope you read through it.
In order to properly delegate control, we should create a new OU for each Office and move the appropriate user accounts to their correct corresponding OUs. This allows us to easily assign permissions, rights, and the delegation of control to the respective Administrator for that OU. The Delegation of Control Wizard can help us do the legwork.
The Delegation of Control Wizard steps you through the process of assigning permissions at the OU level. For more specialized permissions, you must manually assign permissions. The wizard assigns permissions to a number of objects, including OU objects instances and other built-in objects like the Users object and the Subnet object. The wizard simplifies the process of assigning object permissions by stepping you through the process.
The Delegation of Control Wizard "Create, delete, and manage groups" task will allow the Support personnel the ability to manage group memberships, create new groups and manage new groups, without giving them the ability to create or modify user objects. | |
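
Option D carried out from the command line, as an added example that is not part of the original thread: it uses the ActiveDirectory PowerShell module and `dsacls` in place of the wizard. The domain name, the group names and the use of the office attribute to sort accounts are assumptions, and the two `dsacls` grants approximate the wizard's "Create, delete, and manage user accounts" task.

```powershell
# Added example: option D with delegation scoped to one OU per office.
# Assumed values (not from the thread): domain DN, NetBIOS name, group names,
# and that each account's physicalDeliveryOfficeName holds its office.
Import-Module ActiveDirectory

$domainDn = 'DC=example,DC=com'      # placeholder domain
$netbios  = 'EXAMPLE'                # placeholder NetBIOS domain name
$offices  = @{                       # office -> hypothetical admin group
    'Dublin'  = 'Dublin Admins'
    'LA'      = 'LA Admins'
    'Seattle' = 'Seattle Admins'
}

foreach ($office in $offices.Keys) {
    $ouDn    = "OU=$office,$domainDn"
    $trustee = "$netbios\$($offices[$office])"

    # 1. One OU per office.
    New-ADOrganizationalUnit -Name $office -Path $domainDn

    # 2. Move that office's accounts out of the default Users container.
    #    Filtering on the office attribute leaves built-in accounts in place.
    Get-ADUser -LDAPFilter "(physicalDeliveryOfficeName=$office)" `
               -SearchBase "CN=Users,$domainDn" -SearchScope OneLevel |
        Move-ADObject -TargetPath $ouDn

    # 3. Delegate on the OU only: create/delete user objects in the OU,
    #    and full control limited to descendant user objects.
    dsacls $ouDn /I:T /G "${trustee}:CCDC;user"
    dsacls $ouDn /I:S /G "${trustee}:GA;;user"

    # 4. Review: list the explicit (non-inherited) ACEs the group now holds.
    (Get-Acl "AD:\$ouDn").Access |
        Where-Object { $_.IdentityReference.Value -eq $trustee -and -not $_.IsInherited } |
        Format-Table ActiveDirectoryRights, ObjectType, InheritedObjectType, InheritanceType
}

# Accounts still in CN=Users sit outside every delegated OU, so no office
# admin group can manage them; built-in accounts will appear here too.
Get-ADUser -Filter * -SearchBase "CN=Users,$domainDn" -SearchScope OneLevel |
    Select-Object SamAccountName, DistinguishedName
```
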
| CyberDude 2002-09-16, 12:29 pm |
| Why don't you have a crack at my interview question, Deja? I am sure it will get you thinking. |