Which cmdlet should you run to achieve each requirement?

Your network contains an Active Directory forest named contoso.com.
All servers run Windows Server 2012 R2.
The forest contains two servers.
The servers are configured as shown in the following table.

You prepare the forest to support Workplace Join and you enable the Device Registration Service (DRS) on Server1.
You need to ensure that Workplace Join meets the following requirements:
– Application access must be based on device claims.
– Users who attempt to join their device to the workplace through Server2 must be prevented from locking out their
Active Directory account due to invalid credentials.
Which cmdlet should you run to achieve each requirement? To answer, select the cmdlet for each requirement in the answer area.
Hot Area:

Your network contains an Active Directory forest named contoso.com.
All servers run Windows Server 2012 R2.
The forest contains two servers.
The servers are configured as shown in the following table.

You prepare the forest to support Workplace Join and you enable the Device Registration Service (DRS) on Server1.
You need to ensure that Workplace Join meets the following requirements:
– Application access must be based on device claims.
– Users who attempt to join their device to the workplace through Server2 must be prevented from locking out their
Active Directory account due to invalid credentials.
Which cmdlet should you run to achieve each requirement? To answer, select the cmdlet for each requirement in the answer area.
Hot Area:

Answer:



Leave a Reply 1

Your email address will not be published. Required fields are marked *


Marvin

Marvin

1. Application access must be based on device claims
https://docs.microsoft.com/en-us/windows-server/identity/ad-fs/operations/device-authentication-controls-in-ad-fs

PS:\>Set-AdfsGlobalAuthenticationPolicy –DeviceAuthenticationEnabled $true

2. Users who attempt to join their device to the workplace through Server2 must be prevented from locking out their Active Directory account due to invalid credentials.
https://docs.microsoft.com/en-us/windows-server/identity/ad-fs/operations/configure-ad-fs-extranet-lockout-protection

Set-AdfsProperties -EnableExtranetLockout $false