单项选择题 Your company has a single Active Directory domain. You have 30 database servers that run Windows Server 2008 R2.   The computer accounts for the database servers are stored in an organizational unit （OU） named Data.   The user accounts for the database administrators are stored in an OU named Admin. The database administrators are members of a global group named D_Admins.   You must allow the database administrators to perform administrative tasks on the database servers. You must prevent the database administrators from performing administrative tasks on other servers. What should you do？（）

单项选择题 Your network contains several branch offices. All servers run Windows Server 2008 R2. Each branch office contains a domain controller and a file server.   The DHCP Server server role is installed on the branch office domain controllers. Each office has a branch office administrator.   You need to delegate the administration of DHCP to meet the following requirements： èAllow branch office administrators to manage DHCP scopes for their own office   èPrevent the branch office administrators from managing DHCP scopes in other offices èMinimize administrative effort. What should you do？（）

单项选择题 Your network consists of a single Active Directory forest. The forest functional level is Windows Server 2008 R2. The forest contains two domains named contoso.com and na.contoso.com.   Contoso.com contains a user named User1. Na.contoso.com contains an organizational unit （OU） named  Security.   You need to give User1 administrative rights so that he can manage Group Policies for the Security OU.   You want to achieve this goal while meeting the following requirements：   èUser1 must be able to create and configure Group Policies in na.contoso.com. èUser1 must be able to link Group Policies to the Security OU.   èUser1 must be granted the least administrative rights necessary to achieve the goal. What should you do？（）