Your network contains an Active Directory forest named Corp. The forest functional level is Windows Server 2016.
You deploy a new forest named Priv and set the forest functional level to Windows Server 2016.
You need to implement Privileged Access Management (PAM).
What should you do next?
A. Install Microsoft Identity Manager (MIM) on a server in the Priv forest.
B. Install Microsoft Identity Manager (MIM) in the Corp forest.
C. Create shadow accounts in the Priv forest.
D. Create shadow accounts in the Corp forest.
Ans: C. Create shadow accounts in the Priv forest
Installing MIM in priv forest is optional.
https://secureidentity.se/msds-shadowprincipal/
The good Answer is A, because in the configuration of the question, there is not yet a trust relationship, so copying is not possible between the two forests.
check out : https://secureidentity.se/msds-shadowprincipal/ the refered link also telling us smth about the shadow accounts
its possible without mim so answer would be correct
wrong.
the answer should A. Install Microsoft Identity Manager (MIM) on a server in the Priv forest.
Answer is incorrect. First of all, you must install MIM on server in the PRIV forest. So answer is A.