Which of the following should you use to accomplish this goal?

You have configured a forest trust relationship between the Adatum forest and the Contoso forest.
You want to ensure that users from the Contoso forest can authenticate only when needing to
access resources in the Adatum forest using the [email protected] UPN rather than
any other UPN that is available for them.
Which of the following should you use to accomplish this goal?

You have configured a forest trust relationship between the Adatum forest and the Contoso forest.
You want to ensure that users from the Contoso forest can authenticate only when needing to
access resources in the Adatum forest using the [email protected] UPN rather than
any other UPN that is available for them.
Which of the following should you use to accomplish this goal?

A.
SID filtering

B.
Name suffix routing

C.
Shortcut trust

D.
External trust

Show Hint

Leave a Reply 2

Your email address will not be published. Required fields are marked *

3 + five =

yqr

yqr

B

https://technet.microsoft.com/en-us/library/cc731648(v=ws.11).aspx

“Name suffix routing is a mechanism that you can use to manage how authentication requests are routed across Active Directory forests that are joined by forest trusts. To simplify the administration of authentication requests, when you create a forest trust all unique name suffixes are routed by default. A unique name suffix is a name suffix within a forest, such as a user principal name (UPN) suffix, service principal name (SPN) suffix, or Domain Name System (DNS) forest or domain tree name that is not subordinate to any other name suffix.”

Reply

Chris

Chris

Answer: D
The root forest/domain in a forest trust can not be excluded from routing, only child domains can be excluded from routing.
The Forest trust would need to be disabled, and an external trust would need to be setup from Adatum.com to secure.contoso.com.

Reply