You have a domain named pearson with two sites named Chicago and Denver. You also have a Windows Server 2016 IPAM server named IPAM1 that centrally manages all DNS and DHCP servers. Visitor devices must be automatically registered in visitors.pearson. The zone is created as an AD-integrated DNS zone with a forest-wide replication scope. You have four DHCP servers: DHCP1 and DHCP2 (Chicago), and DHCP3 and DHCP4 (Denver). You want to configure (with least administrative effort) visitor devices to be automatically registered in visitors.pearson with their IP address and hostname. You want to apply the configuration only to the following scopes: Scope2 (DHCP2): 10.10.0.0/24; Scope4 (DHCP4): 172.16.0.0/16. Which configuration is a valid solution for this scenario?

IPAM in Windows Server 2016 R2 includes a role based access control feature that enables detailed control of the procedures that IPAM users are able to perform. Role based access control adds permissions to the user’s existing access permissions. You cannot deny permission for a user with an access policy. If a user already has permission granted to perform a procedure because they are a member of one or more IPAM administrator groups, they will continue to have that permission even if they have only limited rights granted by role based access polices. If you have deployed IPAM on Windows Server 2016 R2, it is recommended to use the new access control feature available in this version of IPAM.