Deal of The Day! Hurry Up, Grab the Special Discount - Save 25% - Ends In 00:00:00 Coupon code: SAVE25
Welcome to Pass4Success

- Free Preparation Discussions
Mail Us support@pass4success.com
Location US
Mob_nav_barsMENU

Microsoft Exam AZ-801 Topic 7 Question 43 Discussion

Actual exam question for Microsoft's AZ-801 exam
Question #: 43
Topic #: 7
[All AZ-801 Questions]

Your network contains an Active Directory Domain Services (AD DS) forest. The forest functional level is Windows Server 2012 R2. The forest contains the domains shown in the following table.

You create a user named Admin1.

You need to ensure that Admin1 can add a new domain controller that runs Windows Server 2022 to the east.contoso.com domain. The solution must follow the principle of least privilege.

To which groups should you add Admin1?

Show Suggested Answer Hide Answer
Suggested Answer: C

by Zona at Nov 28, 2023, 12:51 AM

Limited Time Offer

25%

Off

Get Premium AZ-801 Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

Submit Cancel
Orville
4 days ago
I'm torn between options C and D. On one hand, C seems to follow the principle of least privilege a bit better. But D would give Admin1 a bit more flexibility and potentially make it easier to manage the domain controllers. Decisions, decisions...
upvoted 0 times
...
Novella
5 days ago
Hmm, interesting. I was also considering option D, which gives Admin1 membership in the CONTOSO\Enterprise Admins and CONTOSO\Schema Admins groups. That would give them the necessary permissions, but you're right, it might be overkill and a bit too much power.
upvoted 0 times
...
Claribel
6 days ago
I agree with you, Wai. The CONTOSO\Enterprise Admins group might be a bit too broad as well. I'm thinking the CONTOSO\Schema Admins and EAST\Domain Admins combination might be the way to go. That way, Admin1 can make the necessary changes to the schema and manage the east.contoso.com domain, but they won't have full administrative rights across the entire forest.
upvoted 0 times
...
Wai
7 days ago
Hmm, this is a tricky one. We need to ensure Admin1 can add a new domain controller to the east.contoso.com domain, but we also need to follow the principle of least privilege. I'm not sure if adding them to the EAST\Domain Admins group is the best option, as that would give them too much power across the entire domain.
upvoted 0 times
...

Save Cancel