###BeginCaseStudy###
Case Study: 4
A Datum
Background
General Background
You are a SharePoint administrator for A. Datum Corporation. A. Datum is a large legal firm with
offices in Chicago, New York, and London. A. Datum is merging with a smaller legal firm named
Fabrikam, Inc.
Technical Background
A Datum has an Active Directory Domain Services (AD DS) domain named adatum.com. The domain
contains an Active Directory Rights Management Services (AD RMS) server.
The A. Datum SharePoint environment includes the sites described in the following table.
The A. Datum SharePoint environment contains two servers that run all SharePoint services. The
servers run Windows Server 2012 and are members of the domain. A third-party file-level antivirus
application runs on all servers in the domain. The adatum.com farm uses Microsoft SQL Server 2012
for the SharePoint databases.
A Datum is planning a three-tier SharePoint farm to replace the existing farm. A firewall will be
placed between each tier. All servers must be virtualized unless otherwise specified. The following
servers are available for the new SharePoint environment:
All user accounts are stored in and maintained by using Active Directory. The My Site portal and
document portal SharePoint sites receive user and group membership information by using Active
Directory synchronization. New users often have to wait more than 24 hours before they can view
their user profile information.
Fabrikam has an AD DS domain named fabrikam.com and a single-server SharePoint environment.
Web Applications
A new remote web application named App1 will be hosted in the adatum.com domain. App1 will
require access to SharePoint resources in the fabrikam.com domain. SharePoint administrators in
the fabrikam.com domain must be able to administer App1 by using Windows PowerShell.
Technical Requirements
You must meet the following technical requirements:
• Fabrikam users must be able to directly access internal SharePoint
resources in the adatum.com domain.
• Datum users must not be able to access resources in the
fabrikam.com domain.
• All documents relating to the merger must contain a barcode, and
must be protected from distribution.
• Authenticated users must not be prompted for credentials when
they access App1.
• Users in the adatum.com domain must be able to access all
SharePoint sites the same day they receive their Active Directory account
credentials.
• When a user account is deleted, the user’s personal site collection
must automatically be removed within 12 hours.
• The antivirus application must not scan SharePoint directories.
When migrating the SharePoint environment, you must meet the following requirements:
• The application and database servers must not be accessible from
the Internet.
• The database servers must accept connections only from the
SharePoint servers.
• The database servers must be physical machines running Windows
Server 2012 with direct access to storage.
• The database servers must be configured for redundancy.
• All database transaction logs must be sent off-site.
• All SharePoint installation prerequisites must be installed offline.
###EndCaseStudy###
DRAG DROP
You need to configure cross-forest authentication.
How should you configure the authentication? (To answer, drag the appropriate trust element to the
correct target in the answer area. Each trust element may be used once, more than once, or not at
all. You may need to drag the split bar between panes or scroll to view content.)
Answer: 
Explanation:
Note:
* From scenario:
/ Fabrikam has an AD DS domain named fabrikam.com
/ Fabrikam users must be able to directly access internal SharePoint resources in the adatum.com
domain.
/ Datum users must not be able to access resources in the fabrikam.com domain.
* A.Datum need to Trust Fabrikam (as Fabrikam need to access resources in A.Datum) so A.Datum is
the source and Fabrikam the destination.
* A one-way, outgoing, forest trust allows resources in your Windows Server 2008 forest or
Windows Server 2003 forest (the forest that you are logged on to at the time that you run the New
Trust Wizard) to be accessed by users in another Windows Server 2008 forest or Windows Server
2003 forest. For example, if you are the administrator of the wingtiptoys.com forest and resources in
that forest need to be accessed by users in the tailspintoys.com forest, you can use this procedure to
establish one side of the relationship so that users in the tailspintoys.com forest can access
resources in any of the domains that make up the wingtiptoys.com forest.
Create a One-Way, Outgoing, Forest Trust for One Side of the Trust