Securing Windows Server 2016 — Question 192
Your network contains two Active Directory forests named corp.contoso.com and priv.contoso.com. Both forests have only a single domain. The priv.contoso.com domain contains a server named Server1 that runs Windows Server 2016.
You install Microsoft Identity Manager (MIM) 2016 on Server1.
You plan to deploy MIM-based Privileged Access Management (PAM) between the two forests.
You run New-PAMTrust in the priv.contoso.com domain.
You need to configure the trust relationship between the forests to support the PAM deployment.
Which three settings should you configure for the trust? Each correct answer presents part of the solution.
NOTE: Each correct selection is worth one point.
Answer options
- A. quarantine to no
- B. enablesidhistory to yes
- C. transitive to no
- D. enablepimtrust to yes
- E. foresttransitive to no
Correct answer: A, B, D
Explanation
Settings A, B, and D are required to establish the trust relationship for the PAM deployment. Setting quarantine to no allows users to access resources without restrictions, setting enablesidhistory to yes ensures that users retain their permissions across forests, and setting enablepimtrust to yes is required for the PAM functionality. Options C and E are incorrect because they do not align with the requirements for a PAM setup.