You need to prevent Group1 from being used to provide access to the resources in contoso.com

Your network contains two Active Directory forests named contoso.com and adatum.com.
All servers run Windows Server 2012.
A one-way external trust exists between contoso.comand adatum.com.
Adatum.com contains a universal group named Group1.
You need to prevent Group1 from being used to provide access to the resources in contoso.com.
What should you do?

Your network contains two Active Directory forests named contoso.com and adatum.com.
All servers run Windows Server 2012.
A one-way external trust exists between contoso.comand adatum.com.
Adatum.com contains a universal group named Group1.
You need to prevent Group1 from being used to provide access to the resources in contoso.com.
What should you do?

A.
Modify the Managed By settings of Group1.

B.
Modify the Allowed to Authenticate permissions inadatum.com.

C.
Change the type of Group1 to distribution.

D.
Modify the name of Group1.

Explanation:
* Accounts that require access to the customer Active Directory will be granted a special right calledAllowed to
Authenticate. This right is then applied to computer objects (Active
Directory domain controllers and AD RMS servers) within the customer Active Directory to which the account
needs access.
* For users in a trusted Windows Server 2008 or Windows Server 2003 domain or forest to be able to access
resources in a trusting Windows Server 2008 or Windows Server 2003 domain or forest where the trust
authentication setting has been set to selective authentication, each user must be explicitly granted the Allowed
to Authenticate permission on the security descriptor of the computer objects (resource computers) that reside
in the trusting domain or forest.



Leave a Reply 3

Your email address will not be published. Required fields are marked *


Steven

Steven

B is correct. No other answer makes sense.

robber

robber

C makes senses as distribution groups can’t be used for resource access.