Your network contains two Active Directory forests named contoso.com and adatum.com.
Each forest contains one domain. Contoso.com has a two-way forest trust to adatum.com.
Selective authentication is enabled on the forest trust.
Contoso contains 10 servers that have the File Server role service installed.
Users successfully access shared folders on the file servers by using permissions granted to the
Authenticated Users group.
You migrate the file servers to adatum.com.
Contoso users report that after the migration, they are unable to access shared folders on the file
servers.
You need to ensure that the Contoso users can access the shared folders on the file servers.
What should you do?
A.
Disable selective authentication on the existing forest trust.
B.
Disable SID filtering on the existing forest trust.
C.
Run netdom and specify the /quarantine attribute.
D.
Replace the existing forest trust with an external trust.
Explanation:
http://technet.microsoft.com/nl-nl/library/cc755321%28v=ws.10%29.aspx
Impact of Selective Authentication
Because all verification of incoming interforest authentication requests is done locally on the
receiving domain controller in the trusting forest, access to resources in the trusting forest is likely
to be extremely limited for a broad set of users on the network (which is the purpose of this
security setting). Consequently, implementing selective authentication might require user
education, particularly due to the following reasons:
Users browsing network resources through My Network Places to resources located in a trusting
forest might get access denied messages when attempting to access those resources.
Resources in the trusting forest that were once available to users in a trusted forest might no
longer be available.
Very similar to this question, but with a different answer (and one-way, instead of two-way trust mentioned) http://www.aiotestking.com/microsoft/you-need-to-ensure-that-the-migrated-users-can-access-the-resources-in-contosocom-3/
Selective authentication requires explicitly stating ON THE TARGET COMPUTER ACCOUNT which accounts from trusted domains can access it.
Since the servers have been moved out of their domain, the options are to edit the security of the file server computer accounts to allow all the contoso users or simply remove selective authentication.
user –> Disable SID filtering on the existing forest trust.
file –> Disable selective authentication on the existing forest trust.
so a is the correct answer