Term
|
Definition
|
|
Term
|
Definition
| Password Setting Container |
|
|
Term
| What is the required domain level |
|
Definition
|
|
Term
|
Definition
| A PSO can be linked to more that one user/group only one PSO prevails(The Resultant PSO |
|
|
Term
| What has the higher precedence in a PSO 1 or 2 |
|
Definition
| The lower the number the higher the precendence |
|
|
Term
| What is the best practice, to link the PSO to the user or to the group |
|
Definition
| Link PSOs to the group object |
|
|
Term
|
Definition
| Avoid having PSOs with the same precedence |
|
|
Term
| What will override the precedences set in the PSO for a group that the user is in |
|
Definition
| One or more PSOs linked directly to the user |
|
|
Term
| What happens when two PSOs have the same precedence value |
|
Definition
| the PSO with the lowest GUID is applied |
|
|
Term
| If PSOs cannot be set on an OU what can you do to ensure every user in an OU gets the same PSO applied |
|
Definition
| Run a script to create a shadow group(mimics OU memebership) |
|
|
Term
| What is the technical name for a PSO |
|
Definition
|
|
Term
| Where can you create a PSO |
|
Definition
Connect to the domain with ADSIEdit
-DC=contoso,DC=com
-CN=System
-CN=Password Settings |
|
|
Term
|
Definition
Identify the setting in the PSO throught the ADSI Edit process just like in the GPO only they start with msDS and the first attribute(cn=NAme of the PSO):
-msDS-PasswordSettingsPrecedence:1
-msDS-PasswordReversibleEncryptionEnabled:False
-msDS-PasswordHistoryLength:30.
-msDS-PasswordComplexityEnabled:True.
-msDS-MinimumPasswordLength:15.
-msDS-MinimumPasswordAge:1:00:00:00.
-msDS-MaximumPasswordAge:45:00:00:00.
msDS-LockoutObservationWindow:0:01:00:00. |
|
|
Term
| Where are the two places to go when creating then enabling a PSO |
|
Definition
| ASDI Edit in CN=System and ADAC in the System OU both have Password Policy, ADAC has the Password Setting Container |
|
|
