Administering Windows Server Hybrid Core Infrastructure (AZ-800) Practice

What task can Azure AD DS domain administrators perform regarding GPO?

• A. Add domain controllers to the managed domain.
• B. Configure built-in GPO for AADDC Users.
• C. Connect to domain controllers using Remote Desktop.
• D. Delete custom OUs in the managed domain.

The correct answer is: Configure built-in GPO for AADDC Users.

Azure AD DS domain administrators have the ability to configure built-in Group Policy Objects (GPO) for AADDC Users. This capability allows administrators to manage policies that dictate specific settings and configurations across the Azure Active Directory Domain Services environment. By utilizing GPOs, they can enforce organizational security policies, software deployment settings, and user environment configurations, which streamlines management in a hybrid cloud infrastructure. The other options are not tasks that Azure AD DS domain administrators can perform. For instance, adding domain controllers to a managed domain is something typically reserved for higher-level administrative roles within the context of on-premises Active Directory and is not applicable to Azure AD DS in the same way. Similarly, connecting to domain controllers through Remote Desktop is not allowed in Azure AD DS, as it does not provide direct access to the underlying domain controllers. Lastly, while Azure AD DS domain administrators can manage Organizational Units (OUs) and their contents, the deletion of custom OUs may carry restrictions to ensure the integrity and structure of the managed domain. Such operations are often limited to higher administrative privileges.