You implement cross-forest enrollment between Contoso.com and Fabrikam.com.
You receive version errors when you deploy updated certificates from the Contoso domain to the Fabrikam domain.
You need to ensure that you can deploy the certificates to the fabrikam.com domain.
What should you do?
A.
Run the following Windows PowerShell script:
DumpADObj.ps1 -ForestName fabrikam.com
B.
Run the following Windows PowerShell script:
PKISync.ps1 -sourceforest contoso.com -targetforest fabrikam.com -f
C.
Run the following Windows PowerShell command:
Get-CertificationAuthority contoso.com | Get-PendingRequest | Approve-CertificateRequest
D.
Run the following Windows PowerShell command:
Get-CertificationAuthority -Name contoso.com | Get-PolicyModuleFlag | Enable-PolicyModuleFlag EnableOCSPRevNoCheck, DisableExtensionList -RestartCA
Explanation:
AD CS: DumpADObj.ps1 Script for Cross-forest Certificate Enrollment
https://technet.microsoft.com/en-us/library/ff961505(v=ws.10).aspx
A or B?
I got this question on my exam today (I passed, thank God), and I put B. PKISync.ps1. Don’t know if I got it correct though; on my transcript “Identity and Access Solutions” is the lowest score.
Really torn about the 2 though. While PKISync.ps1 is used during initial deployment and will keep forest objects synchronized, at any time afterwards, DumpADObj.ps1 will actually troubleshoot enrollment and sync problems, so…
DumpADObj.ps1 only dumps objects for troubleshooting.
PKISync.ps1 with the -f flag forces an update between forests.
So the answer is B.