Your network contains an Active Directory domain named contoso.com. All domain controllers run either Windows Server 2008 or Windows Server 2008 R2. You deploy a new domain controller named DC1 that runs Windows Server 2012 R2. You log on to DC1 by using an account that is a member of the Domain Admins group. You discover that you cannot create Password Settings objects (PSOs) by using Active Directory Administrative Center. You need to ensure that you can create PSOs from Active Directory Administrative Center.
What should you do?
A . Modify the membership of the Group Policy Creator Owners group.
B . Transfer the PDC emulator operations master role to DC1.
C . Upgrade all of the domain controllers that run Window Server 2008.
D . Raise the functional level of the domain.
Answer: D
Explanation:
Fine-grained password policies allow you to specify multiple password policies within a single domain so that you can apply different restrictions for password and account lockout policies to different sets of users in a domain. To use a fine-grained password policy, your domain functional level must be at least Windows Server 2008. To enable fine-grained password policies, you first create a Password Settings Object (PSO). You then configure the same settings that you configure for the password and account lockout policies. You can create and apply PSOs in the Windows Server 2012 environment by using the Active Directory Administrative Center (ADAC) or Windows PowerShell.
Step 1: Create a PSO
Applies To: Windows Server 2008, Windows Server 2008 R2
Reference:
http://technet.microsoft.com/en-us//library/cc754461%28v=ws.10%29.aspx