Your company has two divisions named Division1 and Division2.
The network contains an Active Directory domain named contoso.com. The domain contains two child domains named divisionl.contoso.com and
division2.contoso.com.
The company sells Division1 to another company.
You need to prevent administrators in contoso.com and division2.contoso.com from gaining administrative access to the resources in divisionl.contoso.com.
What should you recommend?
A.
Create a new tree in the forest named contoso.secure. Migrate the resources and the accounts in divisionl.contoso.com to contoso.secure.
B.
On the domain controller accounts in divisionl.contoso.com, deny the Enterprise Admins group the Allowed to Authenticate permission.
C.
Create a new forest and migrate the resources and the accounts in divisionl.contoso.com to the new forest.
D.
In divisionl.contoso.com, remove the Enterprise Admins group from the Domain Admins group and remove the Enterprise Admins group from the access control
list (ACL) on the divisionl.contoso.com domain object.