You need to ensure that the rights account certificates issued in adatum.com are accepted by the AD RMS root cluster in contoso.com

DRAG DROP
Your network contains two Active Directory forests named contoso.com and adatum.com.
Each forest contains an Active Directory Rights Management Services (AD RMS) root
cluster. All servers run Windows Server 2012 R2.
You need to ensure that the rights account certificates issued in adatum.com are accepted
by the AD RMS root cluster in contoso.com.
What should you do in each forest?
To answer, drag the appropriate actions to the correct forests. Each action may be used
once, more than once, or not at all. You may need to drag the split bar between panes or
scroll to view content.

DRAG DROP
Your network contains two Active Directory forests named contoso.com and adatum.com.
Each forest contains an Active Directory Rights Management Services (AD RMS) root
cluster. All servers run Windows Server 2012 R2.
You need to ensure that the rights account certificates issued in adatum.com are accepted
by the AD RMS root cluster in contoso.com.
What should you do in each forest?
To answer, drag the appropriate actions to the correct forests. Each action may be used
once, more than once, or not at all. You may need to drag the split bar between panes or
scroll to view content.

Answer:

Explanation:

Show Hint

Leave a Reply 4

Your email address will not be published. Required fields are marked *

James L

James L

Answer seems to be correct

Cross-Boundary Collaboration Considerations

——————————————————————————–

AD RMS can extend its services to other organizations or forests. AD RMS manages multi-forest scenarios using trust policies settings. You can add trust policies so that AD RMS can process licensing requests for content that was rights-protected by a different AD RMS cluster. You can define the following trust policies:

•Trusted user domains (TUD). The addition of a trusted user domain allows the AD RMS certification cluster to process requests for client licensor certificates or use licenses from users whose rights account certificates (RACs) were issued by a different AD RMS certification cluster.

You add a trusted user domain by importing the server licensor certificate of the AD RMS cluster to trust.

https://technet.microsoft.com/en-us/library/ee221071(v=ws.10).aspx

Reply

Joe

Joe

seems right…

Trusted user domains . The addition of a trusted user domain allows the AD RMS root cluster to process requests for client licensor certificates or use licenses from users whose rights account certificates (RACs) were issued by a different AD RMS root cluster. You add a trusted user domain by importing the server licensor certificate of the AD RMS cluster to trust

Obviously to be able to import the certificate it needs exporting from the other domain first.

Reply

Joe

Joe

After looking at this again, I still think the answer is correct. I have thought of an easier way to look at it.

It is like when you want to give users in a domain certificates from a CA in a different domain, you have to export the CA certificate and import it to a machine in the other domain to allow it to trust the CA.
So in this example adatum.com is where the CA is and contoso.com is where the machine is.

Reply