The Job Title attribute for a domain user named User1 has a value of Sales Manager.
User1 runs whoami /claims and receives the following output
Kerberos support for Dynamic Access Control on this device has been disabled.
You need to ensure that the security token of User1 has a claim for Job Title. What should you do?
A.
From Windows PowerShell, run the New-ADClaimTransformPolicy cmdlet and specify the -Name
parameter
B.
From Active Directory Users and Computers, modify the properties of the User1 account.
C.
From Active Directory Administrative Center, add a claim type.
D.
From a Group Policy object (GPO), configure KDC support for claims, compound authentication, and
Kerberos armoring.
Explanation:
From the output, obviously, a claim type is missing (or disabled) so that the domain controller is not issuing
tickets with the “Job Title” claim type.