DRAG DROP
Your network contains two Active Directory forests named contoso.com and adatum.com. Both forests contain
multiple domains. A two-way trust exists between the forests.
The adatum.com domain contains a domain local security group named Group1. Group1 contains adatum
\user1 and contoso\user1.
You need to ensure that Group1 can only contain users from the adatum.com domain.
Which three actions should you perform?
To answer, move three actions from the list of actions to the answer area and arrange them in the correct
order.
Answer: 
Explanation:
wrong answer, remove adatum\user1 -> convert to U -> convert to G
100% good
I agree.
I agree with Beanxyz
Wrong. Group1 is in Adatum domain. You need to
Remove Contoso\User1 , convert to U, Convert to G
Agree with Anvar02
I agree with Anvar02.
Correct.
You cannot remove adatum user. Thus Anvar is corrrect
Answer is:
Remove contoso/user1
Convert group to Universal Group
Convert group to Global Group
We remove the user that is not from the same forest.
We convert the group to universal first so that it we can convert it to global group as we cannot convert it directly from domain local to global.
We then convert it to a global group. We choose global and not universal because universal allows members from anywhere which we don’t want in this case.
tested in lab + instructor comments
i dont feel like testing, but i doubt it matters if you remove the contoso user before or after the convert to universal group as a universal group can contain users from more than 1 domain. But you need to remove it before the convert to global group.
beanxyz is correct.
beanxyz is correct.
Group1 can only contain users from contoso, not adatum.
agree with anvar02
those who are confused please read question very carefully