Home » Microsoft » 70-417 v.2 » What should you do?
Your network contains two Active Directory forests named contoso.com and adatum.com.
Each forest contains one domain. Contoso.com has a two-way forest trust to adatum.com. Selective authentication is enabled on the forest trust.
Contoso contains 10 servers that have the File Server role service installed.
Users successfully access shared folders on the file servers by using permissions granted to the Authenticated Users group.
You migrate the file servers to adatum.com.
Contoso users report that after the migration, they are unable to access shared folders on the file servers.
You need to ensure that the Contoso users can access the shared folders on the file servers.
What should you do?
A. Disable selective authentication on the existing forest trust
B. Disable SID filtering on the existing forest trust
C. Run netdom and specify the /quarantine attribute
D. Replace the existing forest trust with an external trust.
Correct Answer: A
Explanation/Reference:
Explanation for A:
Impact of Selective Authentication
Because all verification of incoming interforest authentication requests is done locally on the receiving domain controller in the trusting forest, access to resources in the trusting forest is likely to be extremely limited for a broad set of users on the network (which is the purpose of this security setting). Consequently, implementing selective authentication might require user education, particularly due to the following reasons:
• Users browsing network resources through My Network Places to resources located in a trusting forest might get access denied messages when attempting to access those resources.
• Resources in the trusting forest that were once available to users in a trusted forest might no longer be available.
References:
http://technet.microsoft.com/nl-nl/library/cc755321%28v=ws.10%29.aspx