Configuring Advanced Windows Server 2012 Services — Question 8

Your network contains two Active Directory forests named contoso.com and adatum.com. Each forest contains one domain. Contoso.com has a two-way forest trust to adatum.com. Selective authentication is enabled on the forest trust.
Contoso contains 10 servers that have the File Server role service installed. Users successfully access shared folders on the file servers by using permissions granted to the Authenticated Users group.
You migrate the file servers to adatum.com.
Contoso users report that after the migration, they are unable to access shared folders on the file servers.
You need to ensure that the Contoso users can access the shared folders on the file servers.
What should you do?

Answer options

• A. Disable selective authentication on the existing forest trust.
• B. Disable SID filtering on the existing forest trust.
• C. Run netdom and specify the /quarantine attribute.
• D. Replace the existing forest trust with an external trust.

Correct answer: B

Explanation

Disabling SID filtering on the existing forest trust allows security identifiers (SIDs) from contoso.com to be recognized and accepted in adatum.com, thereby granting access to the shared folders. Disabling selective authentication would not be appropriate as it could lead to security risks by allowing all users access. The other options do not address the specific issue of SID filtering, which is essential in this scenario.