Administering Windows Server Hybrid Core Infrastructure (AZ-800) 2025 – 400 Free Practice Questions to Pass the Exam

Creating a user account in a domain like Contoso.com requires specific permissions that are typically granted to certain groups. The Domain Local Account Operators group is specifically designed for managing user accounts within the domain. Members of this group have the necessary rights to create, delete, and manage user accounts, which is why this option is correct.

While the Enterprise Admins group does have elevated privileges and can manage all aspects of the Active Directory forest, it is not the most appropriate choice as creating user accounts is within the purview of the Account Operators group. The Local Administrators group pertains to local machine management, not domain-wide account creation. The Group Policy Admins group focuses on the management of Group Policy objects rather than user accounts, making it irrelevant for this specific task. Thus, the Domain Local Account Operators group is the most suitable option for the task of creating user accounts in the given domain scenario.