Your network contains an Active Directory forest named contoso.com. The forest contains
three domains. All domain controllers run Windows Server 2012 R2.
The forest has a two-way realm trust to a Kerberos realm named adatum.com.
You discover that users in adatum.com can only access resources in the root domain of
contoso.com.
You need to ensure that the adatum.com users can access the resources in all of the
domains in the forest.
What should you do in the forest?
A.
Delete the realm trust and create a forest trust.
B.
Delete the realm trust and create three external trusts.
C.
Modify the incoming realm trust.
D.
Modify the outgoing realm trust.
D. Modify the outgoing realm trust.
Modify the outgoing realm trust in which way?
Make sure the outgoing realm trust is transitive, so the trust applies to the root domain and all subdomains, if the trust is non-transitive it only applies to the root domain
Answer: D
Explanation:
* A one-way, outgoing realm trust allows resources in your Windows Server domain (the domain
that you are logged on to at the time that you run the New Trust Wizard) to be accessed by users
in the Kerberos realm.
* You can establish a realm trust between any non-Windows Kerberos version 5 (V5) realm and
an Active Directory domain. This trust relationship allows cross-platform interoperability with
security services that are based on other versions of the Kerberos V5 protocol, for example, UNIX
and MIT implementations. Realm trusts can switch from nontransitive to transitive and back.
Realm trusts can also be either one-way or two-way.