[Free] 2018(July) Dumps4cert Microsoft 70-640 Dumps with VCE and PDF Download 91-100

Dumps4cert.com : Latest Dumps with PDF and VCE Files
2018 July Microsoft Official New Released 70-640
100% Free Download! 100% Pass Guaranteed!

Windows Server 2008 Active Directory, Configuring

Question No: 91 – (Topic 1)

Your company has a DNS server that has 10 Active Directory integrated zones.

You need to provide copies of the zone files of the DNS server to the security department. What should you do?

  1. Run the dnscmd /ZoneInfo command.

  2. Run the ipconfig /registerdns command.

  3. Run the dnscmd /ZoneExport command.

  4. Run the ntdsutil gt; Partition Management gt; List commands.

Answer: C Explanation:

http://servergeeks.wordpress.com/2012/12/31/dns-zone-export/ DNS Zone Export

In Non-AD Integrated DNS Zones

DNS zone file information is stored by default in the %systemroot%\windows\system32\dns folder. When the DNS Server service starts it loads zones from these files. This behavior is limited to any primary and secondary zones that are not AD integrated. The files will be named as lt;ZoneFQDNgt;.dns.

Dumps4Cert 2018 PDF and VCE

C:\Documents and Settings\usernwz1\Desktop\1.PNG

In AD Integrated DNS Zones

AD-integrated zones are stored in the directory they do not have corresponding zone files

i.e. they are not stored as .dns files. This makes sense because the zones are stored in, and loaded from, the directory. Now it is important task for us to take a backup of these AD integrated zones before making any changes to DNS infrastructure. Dnscmd.exe can be used to export the zone to a file. The syntax of the command is:

DnsCmd lt;ServerNamegt; /ZoneExport lt;ZoneNamegt; lt;ZoneExportFilegt;

lt;ZoneNamegt; – FQDN of zone to export

/Cache to export cache

As an example, let’s say we have an AD integrated zone named habib.local, our DC is server1. The command to export the file would be:

Dnscmd server1 /ZoneExport habib.local habib.local.bak

Dumps4Cert 2018 PDF and VCE

C:\Documents and Settings\usernwz1\Desktop\1.PNG

Dumps4Cert 2018 PDF and VCE

C:\Documents and Settings\usernwz1\Desktop\1.PNG

You can refer to a complete article on DNSCMD in Microsoft TechNet website http://technet.microsoft.com/en-us/library/cc772069(v=ws.10).aspx

Question No: 92 – (Topic 1)

Your company hires 10 new employees.

You want the new employees to connect to the main office through a VPN connection.

You create new user accounts and grant the new employees they Allow Read and Allow Execute permissions to shared resources in the main office.

The new employees are unable to access shared resources in the main office.

You need to ensure that users are able to establish a VPN connection to the main office. What should you do?

  1. Grant the new employees the Allow Access Dial-in permission.

  2. Grant the new employees the Allow Full control permission.

  3. Add the new employees to the Remote Desktop Users security group.

  4. Add the new employees to the Windows Authorization Access security group.

Answer: A Explanation:

http://technet.microsoft.com/en-us/library/cc738142(v=ws.10).aspx Dial-in properties of a user account

The dial-in properties for a user account are: Remote Access Permission (Dial-in or VPN)

You can use this property to set remote access permission to be explicitly allowed, denied, or determined through remote access policies. In all cases, remote access policies are used to authorize the connection attempt. If access is explicitly allowed, remote access policy conditions, user account properties, or profile properties can still deny the connection attempt.

Question No: 93 – (Topic 1)

Your company has an Active Directory forest that contains eight linked Group Policy Objects (GPOs). One of these GPOs publishes applications to user objects. A user reports that the application is not available for installation.

You need to identify whether the GPO has been applied. What should you do?

  1. Run the Group Policy Results utility for the user.

  2. Run the GPRESULT /S lt;system namegt; /Z command at the command prompt.

  3. Run the GPRESULT /SCOPE COMPUTER command at the command prompt.

  4. Run the Group Policy Results utility for the computer.

    Answer: A Explanation: Personal note:

    You run the utility for the user and not for the computer because the application publishes to user objects

    http://technet.microsoft.com/en-us/library/bb456989.aspx

    How to Use the Group Policy Results (GPResult.exe) Command Line Tool

    Intended for administrators, the Group Policy Results (GPResult.exe) command line tool verifies all policy settings in effect for a specific user or computer. Administrators can run GPResult on any remote computer within their scope of management. By default, GPResult returns settings in effect on the computer on which

    GPResult is run.

    To run GPResult on your own computer:

    1. Click Start, Run, and enter cmd to open a command window.

    2. Type gpresult and redirect the output to a text file as shown in Figure 1 below:

      Dumps4Cert 2018 PDF and VCE

      C:\Documents and Settings\usernwz1\Desktop\1.PNG

    3. Enter notepad gp.txt to open the file. Results appear as shown in the figure below.

      Dumps4Cert 2018 PDF and VCE

      C:\Documents and Settings\usernwz1\Desktop\1.PNG

      Question No: 94 – (Topic 1)

      Your company has a server that runs Windows Server 2008 R2. Active Directory Certificate Services (AD CS) is configured as a standalone Certification Authority (CA) on the server.

      You need to audit changes to the CA configuration settings and the CA security settings.

      Which two tasks should you perform? (Each correct answer presents part of the solution. Choose two.)

      1. Configure auditing in the Certification Authority snap-in.

      2. Enable auditing of successful and failed attempts to change permissions on files in the

        %SYSTEM32%

        \CertSrv directory.

      3. Enable auditing of successful and failed attempts to write to files in the

        %SYSTEM32%\CertLog directory.

      4. Enable the Audit object access setting in the Local Security Policy for the Active Directory Certificate Services (AD CS) server.

        Answer: A,D Explanation:

        http://technet.microsoft.com/en-us/library/cc772451.aspx Configure CA Event Auditing

        You can audit a variety of events relating to the management and activities of a certification authority (CA):

        Back up and restore the CA database. Change the CA configuration.

        Change CA security settings.

        Issue and manage certificate requests.

        Revoke certificates and publish certificate revocation lists (CRLs). Store and retrieve archived keys.

        Start and stop Active Directory Certificate Services (AD CS). To configure CA event auditing

        1. Open the Certification Authority snap-in.

        2. In the console tree, click the name of the CA.

        3. On the Action menu, click Properties.

        4. On the Auditing tab, click the events that you want to audit, and then click OK.

        5. On the Action menu, point to All Tasks, and then click Stop Service.

        6. On the Action menu, point to All Tasks, and then click Start Service. Additional considerations

          To audit events, the computer must also be configured for auditing of object access. Audit policy options can be viewed and managed in local or domain Group Policy under Computer Configuration\Windows Settings\Security Settings\Local Policies.

          Question No: 95 – (Topic 1)

          Your company has an organizational unit named Production. The Production organizational unit has a child organizational unit named Ramp;D. You create a GPO named Software Deployment and link it to the Production organizational unit.

          You create a shadow group for the Ramp;D organizational unit. You need to deploy an application to users in the Production organizational unit.

          You also need to ensure that the application is not deployed to users in the Ramp;D organizational unit.

          What are two possible ways to achieve this goal? (Each correct answer presents a complete solution. Choose two.)

          1. Configure the Block Inheritance setting on the Ramp;D organizational unit.

          2. Configure the Enforce setting on the software deployment GPO.

          3. Configure security filtering on the Software Deployment GPO to Deny Apply group policy for the Ramp;D security group.

          4. Configure the Block Inheritance setting on the Production organizational unit.

Answer: A,C Explanation:

Answer: Configure the Block Inheritance setting on the Ramp;D organizational unit. Configure security filtering on the Software Deployment GPO to Deny Apply group policy for the Ramp;D security group.

http://technet.microsoft.com/en-us/library/cc757050(v=ws.10).aspx Managing inheritance of Group Policy

Blocking Group Policy inheritance

You can block policy inheritance for a domain or organizational unit. Using block inheritance prevents GPOs linked to higher sites, domains, or organizational units from being automatically inherited by the child-level. By default, children inherit all GPOs from the parent, but it is sometimes useful to block inheritance. For example, if you want to apply a single set of policies to an entire domain except for one organizational unit, you can link the required GPOs at the domain level (from which all organizational units inherit policies by default) and then block inheritance only on the organizational unit to which the policies should not be applied.

Enforcing a GPO link You can specify that the settings in a GPO link should take precedence over the settings of any child object by setting that link to Enforced. GPO-links that are enforced cannot be blocked from the parent container. Without enforcement from above, the settings of the GPO links at the higher level (parent) are overwritten by settings in GPOs linked to child organizational units, if the GPOs contain conflicting settings. With enforcement, the parent

GPO link always has precedence. By default, GPO links are not enforced. In tools prior to GPMC, quot;enforcedquot; was known as quot;No override.quot;

In addition to using GPO links to apply policies, you can also control how GPOs are applied by using security filters or WMI filters.

http://technet.microsoft.com/en-us/library/cc781988(v=ws.10).aspx Security filtering using GPMC

Security filtering Security filtering is a way of refining which users and computers will receive and apply the settings in a Group Policy object (GPO). Using security filtering, you can specify that only certain security principals within a container where the GPO is linked apply the GPO. Security group filtering determines whether the GPO as a whole applies to groups, users, or computers; it cannot be used selectively on different settings within a GPO.

Notes:

GPOs cannot be linked directly to users, computers, or security groups. They can only be linked to sites, domains and organizational units. However, by using security filtering, you can narrow the scope of a GPO so that it applies only to a single group, user, or computer.

The location of a security group in Active Directory is irrelevant to security group filtering and, more generally, irrelevant to Group Policy processing.

Further information:

http://technet.microsoft.com/en-us/library/cc731076.aspx Block Inheritance http://en.wikipedia.org/wiki/Active_Directory#Shadow_groups Active Directory

Shadow groups

In Microsoft#39;s Active Directory, OUs do not confer access permissions, and objects placed within OUs are not automatically assigned access privileges based on their containing OU. This is a design limitation specific to Active Directory. Other competing directories such as Novell NDS are able to assign access privileges through object placement within an OU. Active Directory requires a separate step for an administrator to assign an object in an OU as a member of a group also within that OU. Relying on OU location alone to determine access permissions is unreliable, because the object may not have been assigned to the group object for that OU. A common workaround for an Active Directory administrator is to write a custom PowerShell or Visual Basic script to automatically create and maintain a user group for each OU in their directory. The scripts are run periodically to update the group to match the OU#39;s account membership, but are unable to instantly update the security groups anytime the directory changes, as occurs in competing directories where security is directly implemented into the directory itself. Such groups are known as Shadow Groups. Once created, these shadow groups are selectable in place of the OU in the administrative tools.

Microsoft refers to shadow groups in the Server 2008 Reference documentation, but does not explain how to create them. There are no built-in server methods or console snap-ins for managing shadow groups.[5]

The division of an organization#39;s information infrastructure into a hierarchy of one or more domains and toplevel OUs is a key decision. Common models are by business unit, by geographical location, by IT Service, or by object type and hybrids of these. OUs should be structured primarily to facilitate administrative delegation, and secondarily, to facilitate group policy application. Although OUs form an administrative boundary, the only true security boundary is the forest itself and an administrator of any domain in the forest must be trusted across all domains in the forest.[6]

Question No: 96 – (Topic 1)

Your network consists of a single Active Directory domain. The domain contains 10 domain controllers. The domain controllers run Windows Server 2008 R2 and are configured as DNS servers.

You plan to create a new Active Directory-integrated zone.

You need to ensure that the new zone is only replicated to four of your domain controllers. What should you do first?

  1. From the command prompt, run dnscmd and specify the /createdirectorypartition parameter.

  2. Create a new delegation in the ForestDnsZones application directory partition.

  3. From the command prompt, run dnscmd and specify the /enlistdirectorypartition parameter.

  4. Create a new delegation in the DomainDnsZones application directory partition.

    Answer: A Explanation:

    Practically the same question as D/Q25 and K/Q17, different set of answers.

    To control which servers get a copy of the zone we have to store the zone in an application directory partition.

    That application directory partition must be created before we create the zone, otherwise it won#39;t work. So that#39;s what we have to do first. Directory partitions are also called naming contexts and we can create one using ntdsutil.

    Here I tried to create a zone with dnscmd /zoneadd. It failed because the directory partition I wanted to use did not exist yet. To fix that I used ntdsutil to create the directory partition

    dc=venomous,dc=contoso,dc=com.

    Dumps4Cert 2018 PDF and VCE

    Note that after creating it a new naming context had been added. Then, after a minute or two, I tried to create the new zone again, and this time it worked.

    C:\Documents and Settings\usernwz1\Desktop\1.PNG Reference 1:

    http://technet.microsoft.com/en-us/library/cc725739.aspx Store Data in an AD DS Application Partition

    You can store Domain Name System (DNS) zones in the domain or application directory partitions of Active Directory Domain Services (AD DS). An application directory partition is a data structure in AD DS that distinguishes data for different replication purposes. When you store a DNS zone in an application directory partition, you can control the zone replication scope by controlling the replication scope of the application directory partition.

    Reference 2:

    http://technet.microsoft.com/en-us/library/cc730970.aspx Partition management

    Manages directory partitions for Active Directory Domain Services (AD DS) or Active Directory Lightweight Directory Services (AD LDS).

    This is a subcommand of Ntdsutil and Dsmgmt.

    Examples To create an application directory partition named AppPartition in the contoso.com domain, complete the following steps:

    1. To open an elevated Command Prompt window, click Start, point to All Programs, click Accessories, rightclick

      Command Prompt, and then click Run as administrator.

    2. Type: ntdsutil

    3. Type: Ac in ntds

    4. Type: partition management

    5. Type: connections

    6. Type: Connect to server DC_Name

    7. Type: quit

    8. Type: list

      The following partitions will be listed:

      0 CN=Configuration,DC=Contoso,DC=com

      1. DC=Contoso,DC=com

      2. CN=Schema,CN=Configuration,DC=Contoso,DC=com

      3. DC=DomainDnsZones,DC=Contoso,DC=com

      4. DC=ForestDnsZones,DC=Contoso,DC=com

    9. At the partition management prompt, type: create nc dc=AppPartition,dc=contoso,dc=com ConDc1.contoso.com

    10. Run the list command again to refresh the list of partitions.

Question No: 97 – (Topic 1)

Your company has a server that runs an instance of Active Directory Lightweight Directory Service (AD LDS).

You need to create new organizational units in the AD LDS application directory partition. What should you do?

  1. Use the dsmod OU lt;OrganizationalUnitDNgt; command to create the organizational units.

  2. Use the Active Directory Users and Computers snap-in to create the organizational units on the AD LDS application directory partition.

  3. Use the dsadd OU lt;OrganizationalUnitDNgt; command to create the organizational units.

  4. Use the ADSI Edit snap-in to create the organizational units on the AD LDS application directory partition.

    Answer: D Explanation:

    Answer: Use the ADSI Edit snap-in to create the organizational units on the AD LDS application directory partition.

    http://technet.microsoft.com/en-us/library/cc773354(v=ws.10).aspx ADSI Edit (adsiedit.msc)

    Active DirectoryŚļź Service Interfaces Editor (ADSI Edit) is a Lightweight Directory Access Protocol (LDAP) editor that you can use to manage objects and attributes in Active Directory. ADSI Edit (adsiedit.msc) provides a view of every object and attribute in an Active Directory forest. You can use ADSI Edit to query, view, and edit attributes that are not exposed through other Active Directory Microsoft Management Console (MMC) snap- ins: Active Directory Users and Computers, Active Directory Sites and Services, Active Directory Domains and Trusts, and Active Directory Schema. http://technet.microsoft.com/en-us/library/cc730701(v=ws.10).aspx#BKMK_1 Step 4: Practice Managing AD LDS Organizational Units, Groups, and Users

    Create an OU

    To keep your AD LDS users and groups organized, you may want to place users and groups in OUs. In Active

    Directory Domain Services (AD DS) and in AD LDS, as well as in other Lightweight Directory Access Protocol

    (LDAP)-based directories, OUs are most commonly used for keeping users and groups organized.

    To create an OU

    1. Click Start, point to Administrative Tools, and then click ADSI Edit.

    2. Connect and bind to the directory partition of the AD LDS instance to which you want to add an OU.

    3. In the console tree, double-click the o=Microsoft,c=US directory partition, right-click the container to which you want to add the OU, point to New, and then click Object.

    4. In Select a class, click organizationalUnit, and then click Next.

    5. In Value, type a name for the new OU, and then click Next.

    6. If you want to set values for additional attributes, click More attributes. Further information:

      http://technet.microsoft.com/en-us/library/cc754663(v=ws.10).aspx Step 5: Practice Working with Application Directory Partitions

      The Active Directory Lightweight Directory Services (AD LDS) directory store is organized into logical directory partitions. There are three different types of directory partitions: Configuration directory partitions

      Schema directory partitions Application directory partitions

      Each AD LDS directory store must contain a single configuration directory partition and a single schema directory partition. The directory store can contain zero or more application directory partitions.

      Application directory partitions hold the data that your applications use. You can create an application directory partition during AD LDS setup or anytime after installation.

      Question No: 98 – (Topic 1)

      You have a Windows Server 2008 R2 Enterprise Root certification authority (CA).

      You need to grant members of the Account Operators group the ability to only manage Basic EFS certificates.

      You grant the Account Operators group the Issue and Manage Certificates permission on the CA.

      Which three tasks should you perform next? (Each correct answer presents part of the solution.

      Choose three.)

      1. Enable the Restrict Enrollment Agents option on the CA.

      2. Enable the Restrict Certificate Managers option on the CA.

      3. Add the Basic EFS certificate template for the Account Operators group.

      4. Grant the Account Operators group the Manage CA permission on the CA.

      5. Remove all unnecessary certificate templates that are assigned to the Account Operators group.

        Answer: B,C,E Explanation:

        http://technet.microsoft.com/en-us/library/cc779954(v=ws.10).aspx

        Role-based administration Role explanation

        Role-based administration involves CA roles, users, and groups. To assign a role to a user or group, you must assign the role#39;s corresponding security permissions, group memberships, or user rights to the user or group.

        Dumps4Cert 2018 PDF and VCE

        These security permissions, group memberships, and user rights are used to distinguish which users have which roles. The following table describes the CA roles of role-based administration and the groups relevant to role-based administration.

        C:\Documents and Settings\usernwz1\Desktop\1.PNG Certificate Manager:

        Delete multiple rows in database (bulk deletion) Issue and approve certificates

        Deny certificates Revoke certificates

        Reactivate certificates placed on hold Renew certificates

        Recover archived key Read CA database

        Read CA configuration information

        http://technet.microsoft.com/en-us/library/cc753372.aspx Restrict Certificate Managers

        A certificate manager can approve certificate enrollment and revocation requests, issue certificates, and manage certificates. This role can be configured by assigning a user or group the Issue and Manage Certificatespermission.

        When you assign this permission to a user or group, you can further refine their ability to manage certificates by group and by certificate template. For example, you might want to implement a restriction that they can only approve requests or revoke smart card logon certificates for users in a certain office or organizational unit that is the basis for a security group.

        This restriction is based on a subset of the certificate templates enabled for the certification

        authority (CA) and the user groups that have Enroll permissions for that certificate template from that CA.

        To configure certificate manager restrictions for a CA:

        1. Open the Certification Authority snap-in, and right-click the name of the CA.

        2. Click Properties, and then click the Security tab.

        3. Verify that the user or group that you have selected has Issue and Manage Certificates permission. If they do not yet have this permission, select the Allow check box, and then click Apply.

        4. Click the Certificate Managers tab.

        5. Click Restrict certificate managers, and verify that the name of the group or user is displayed.

        6. Under Certificate Templates, click Add, select the template for the certificates that you want this user or group to manage, and then click OK. Repeat this step until you have selected all certificate templates that you want to allow this certificate manager to manage.

        7. Under Permissions, click Add, type the name of the client for whom you want the certificate manager to manage the defined certificate types, and then click OK.

        8. If you want to block the certificate manager from managing certificates for a specific user, computer, or group, under Permissions, select this user, computer, or group, and click Deny.

        9. When you are finished configuring certificate manager restrictions, click OK or Apply.

          Question No: 99 – (Topic 1)

          Your network consists of a single Active Directory domain. All domain controllers run Windows Server 2003.

          You upgrade all domain controllers to Windows Server 2008 R2.

          You need to ensure that the Sysvol share replicates by using DFS Replication (DFS-R). What should you do?

          1. From the command prompt, run dfsutil /addroot:sysvol.

          2. From the command prompt, run netdom /reset.

          3. From the command prompt, run dcpromo /unattend:unattendfile.xml.

          4. Raise the functional level of the domain to Windows Server 2008 R2.

Answer: D Explanation:

http://technet.microsoft.com/en-us/library/cc794837(v=ws.10).aspx Introduction to Administering DFS-Replicated SYSVOL

SYSVOL is a collection of folders that contain a copy of the domain’s public files, including system policies, logon scripts, and important elements of Group Policy objects (GPOs).

The SYSVOL directory must be present and the appropriate subdirectories must be shared on a server before the server can advertise itself on the network as a domain controller.

Shared subdirectories in the SYSVOL tree are replicated to every domain controller in the domain.

Note:

For Group Policy, only the Group Policy template (GPT) is replicated through SYSVOL replication. The

Group Policy container (GPC), which is stored in the domain, is replicated through Active Directory replication. For Group Policy to be effective, both parts must be available on a domain controller.

Using DFS Replication for replicating SYSVOL in Windows Server 2008

Distributed File System (DFS) Replication is a replication service that is available for replicating

SYSVOL to all domain controllers in domains that have the Windows Server 2008 domain functional level. DFS Replication was introduced in Windows Server 2003 R2. However, on domain controllers that are running Windows Server 2003 R2, SYSVOL replication is performed by the File Replication Service (FRS).

Question No: 100 – (Topic 1)

Your company security policy requires complex passwords.

You have a comma delimited file named import.csv that contains user account information. You need to create user account in the domain by using the import.csv file.

You also need to ensure that the new user accounts are set to use default passwords and are disabled.

What should you do?

  1. Modify the userAccountControl attribute to disabled. Run the csvde i k f import.csv command. Run the DSMOD utility to set default passwords for the user accounts.

  2. Modify the userAccountControl attribute to accounts disabled. Run the csvde -f import.csv command. Run the DSMOD utility to set default passwords for the user accounts.

  3. Modify the userAccountControl attribute to disabled. Run the wscript import.csv command. Run the DSADD utility to set default passwords for the imported user accounts.

  4. Modify the userAccountControl attribute to disabled. Run ldifde -i -f import.csv command. Run the DSADD utility to set passwords for the imported user accounts.

Answer: A Explanation: Personal note:

The correct command should be: csvde – i -k -f import.csv http://support.microsoft.com/kb/305144

How to use the UserAccountControl flags to manipulate user account properties

When you open the properties for a user account, click the Account tab, and then either select or clear the check boxes in the Account options dialog box, numerical values are assigned to the UserAccountControl attribute. The value that is assigned to the attribute tells Windows which options have been enabled.

You can view and edit these attributes by using either the Ldp.exe tool or the Adsiedit.msc snap-in.

The following table lists possible flags that you can assign. You cannot set some of the values on a user or computer object because these values can be set or reset only by the directory service. Note that Ldp.exe shows the values in hexadecimal. Adsiedit.msc displays the values in decimal. The flags are cumulative. To disable a user#39;s account, set the UserAccountControl attribute to 0x0202 (0x002 0x0200). In decimal, this is 514 (2 512).

http://technet.microsoft.com/en-us/library/cc732101(v=ws.10).aspx Csvde

Imports and exports data from Active Directory Domain Services (AD DS) using files that store data in the comma-separated value (CSV) format. You can also support batch operations based on the CSV file format standard.

Syntax:

Csvde [-i] [-f lt;FileNamegt;] [-s lt;ServerNamegt;] [-c lt;String1gt; lt;String2gt;] [-v] [-j lt;Pathgt;] [-t

lt;PortNumbergt;] [-d

lt;BaseDNgt;] [-r lt;LDAPFiltergt;] [-p lt;Scope] [-l lt;LDAPAttributeListgt;] [-o lt;LDAPAttributeListgt;] [-g] [-m] [-n] [-k] [-a

lt;UserDistinguishedNamegt; {lt;Passwordgt; | *}] [-b lt;UserNamegt; lt;Domaingt; {lt;Passwordgt; |

*}] Parameters

-i

Specifies import mode. If not specified, the default mode is export.

-f lt;FileNamegt; Identifies the import or export file name.

-k

Ignores errors during an import operation and continues processing. http://technet.microsoft.com/en-us/library/cc732954(v=ws.10).aspx Dsmod user Modifies attributes of one or more existing users in the directory. Syntax:

dsmod user lt;UserDNgt; … [-upn lt;UPNgt;] [-fn lt;FirstNamegt;] [-mi lt;Initialgt;] [-ln lt;LastNamegt;] [-displaylt;DisplayNamegt;] [-empid lt;EmployeeIDgt;] [-pwd (lt;Passwordgt; | *)] [-desc

lt;Descriptiongt;] [-office lt;Officegt;] [-tel

lt;PhoneNumbergt;] [-email lt;E-mailAddressgt;] [-hometel lt;HomePhoneNumbergt;] [-pager

lt;PagerNumbergt;] [-mobile lt;CellPhoneNumbergt;] [-fax lt;FaxNumbergt;] [-iptel

lt;IPPhoneNumbergt;] [-webpg lt;WebPagegt;] [-title

lt;Titlegt;] [-dept lt;Departmentgt;] [-company lt;Companygt;] [-mgr lt;Managergt;] [-hmdir

lt;HomeDirectorygt;] [-hmdrv

lt;DriveLettergt;:] [-profile lt;ProfilePathgt;] [-loscr lt;ScriptPathgt;] [-mustchpwd {yes | no}] [- canchpwd {yes | no}] [-reversiblepwd {yes | no}] [-pwdneverexpires {yes | no}] [-acctexpires

lt;NumberOfDaysgt;] [-disabled {yes | no}] [{-s lt;Servergt; | -d lt;Domaingt;}] [-u lt;UserNamegt;] [-p

{lt;Passwordgt; | *}][-c] [-q] [{-uc | -uco | -uci}] Parameters

lt;UserDNgt;Required. Specifies the distinguished names of the users that you want to modify. If values are omitted, they are obtained through standard input (stdin) to support piping of output from another command to input of this command.

-pwd {lt;Passwordgt; | *}

Resets the passwords for the users that you want to modify as Password or an asterisk (*). If you type *, AD

DS prompts you for a user password.

Topic 2, Volume B

100% Dumps4cert Free Download!
Download Free Demo:70-640 Demo PDF
100% Dumps4cert Pass Guaranteed!
70-640 Dumps

Dumps4cert ExamCollection Testking
Lowest Price Guarantee Yes No No
Up-to-Dated Yes No No
Real Questions Yes No No
Explanation Yes No No
PDF VCE Yes No No
Free VCE Simulator Yes No No
Instant Download Yes No No

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.