QUESTION 211
Your network contains an Active Directory domain named contoso.com. The domain controllers in the domain are configured as shown in the following table.
You deploy a new domain controller named DC3 that runs Windows Server 2012 R2. You discover that you cannot create Password Settings objects (PSOs) by using Active Directory Administrative Center. You need to ensure that you can create PSOs from Active Directory Administrative Center. What should you do?
A. Raise the functional level of the domain.
B. Upgrade DC1.
C. Transfer the infrastructure master operations master role.
D. Transfer the PDC emulator operations master role.
Answer: A
Explanation:
Fine-grained password policies allow you to specify multiple password policies within a single domain so that you can apply different restrictions for password and account lockout policies to different sets of users in a domain. To use a fine-grained password policy, your domain functional level must be at least Windows Server 2008. To enable fine-grained password policies, you first create a Password Settings Object (PSO). You then configure the same settings that you configure for the password and account lockout policies. You can create and apply PSOs in the Windows Server 2012 environment by using the Active Directory Administrative Center (ADAC) or Windows PowerShell.
Step 1: Create a PSO
Applies To: Windows Server 2008, Windows Server 2008 R2
http://technet.microsoft.com/en-us//library/cc754461%28v=ws.10%29.aspx
Read more