You need to ensure that User1 can log on to the computer in the nwtraders.com domain

Your network contains two Active Directory forests.
One forestcontains two domainsnamed contoso.comand na.contoso.com.
The other forestcontains a domainnamed nwtraders.com.
A forest trustis configured between the two forests.
You have a usernamed User1 inthe na.contoso.comdomain.
User1 reportsthat he fails to log on to a computer in the nwtraders.com domain by using the user name
NA\User1.
Other users from na.contoso.com report that they can log on to the computers in the nwtraders.com
domain.
You need to ensure that User1 can log on to the computer in the nwtraders.com domain.
What should you do?

Your network contains two Active Directory forests.
One forestcontains two domainsnamed contoso.comand na.contoso.com.
The other forestcontains a domainnamed nwtraders.com.
A forest trustis configured between the two forests.
You have a usernamed User1 inthe na.contoso.comdomain.
User1 reportsthat he fails to log on to a computer in the nwtraders.com domain by using the user name
NA\User1.
Other users from na.contoso.com report that they can log on to the computers in the nwtraders.com
domain.
You need to ensure that User1 can log on to the computer in the nwtraders.com domain.
What should you do?

A.
Enable selective authentication over the forest trust.

B.
Create an external one-way trust from na.contoso.com to nwtraders.com.

C.
Instruct User1 to log on to the computer by usinghis user principal name (UPN).

D.
Instruct User1 to log on to the computer by usingthe user name nwtraders\User1.

Explanation:
http://apttech.wordpress.com/2012/02/29/what-is-upn-and-why-to-use-it/
What is UPN and why to use it?
UPN or User Principal Name is a logon method of authentication when you enter the credentials as
[email protected] instead of Windows authentication method: domainname\username to be used
as login.
So UPN is BASICALLY a suffix that is added after a username which can be used in place of “Samaccount”
name to authenticate a user. So lets say your company is called ABC, then instead of ABC\Username you can
use [email protected] at the authentication popup.
The additional UPN suffix can help users to simplify the logon information in long domain names with an easier
name. Example: instead of “[email protected]”, change it to
“username@atlanta”, if you create an UPN suffix called Atlanta.
http://blogs.technet.com/b/mir/archive/2011/06/12/accessing-resources-across-forest-and-achieve-single-signon-part1.aspx
Accessing Resources across forest and achieve Single Sign ON (Part1)
http://technet.microsoft.com/en-us/library/cc772808%28v=ws.10%29.aspx
Accessing resources across forests

When a forest trust is first established, each forest collects all of the trusted namespaces in its partner forest
and stores the information in a TDO. Trusted namespaces include domain tree names, user principal name
(UPN) suffixes, service principal name (SPN) suffixes, and security ID (SID) namespaces used in the other
forest. TDO objects are replicated to the global catalog.

Show Hint

Leave a Reply 0

Your email address will not be published. Required fields are marked *