Your network contains an Active Directory forest named contoso.com. The forest functional level is Windows Server 2012. All servers run Windows Server 2016.
You create a new bastion forest named admin.contoso.com. The forest functional level of admin.contoso.com is Windows Server 2012 R2.
You need to implement a Privileged Access Management (PAM) solution.
Which two actions should you perform? Each correct answer presents part of the solution.
A. Raise the forest functional level of admin.contoso.com.
B. Deploy Microsoft Identify Management (MIM) 2016 to admin.contoso.com.
C. Configure contoso.com to trust admin.contoso.com.
D. Deploy Microsoft Identity Management (MIM) 2016 to contoso.com.
E. Raise the forest functional level of contoso.com.
F. Configure admin.contoso.com to trustcontoso.com.
B and C are correct!
A then B then C, so A and B are the correct anwser
https://docs.microsoft.com/en-us/windows-server/identity/ad-ds/active-directory-functional-levels
https://docs.microsoft.com/en-us/microsoft-identity-manager/pam/privileged-identity-management-for-active-directory-domain-services
The answer is actually A and C, MIM is not required but very helpful. A and C are required.
https://www.petri.com/windows-server-2016-set-privileged-access-management
Should be which 3 things do you need to do: ABC
https://docs.microsoft.com/en-us/microsoft-identity-manager/pam/privileged-identity-management-for-active-directory-domain-services
This article says MIM and trust
https://docs.microsoft.com/windows-server/identity/ad-ds/active-directory-functional-levels
This article says it needs FFL 2016
wrong , the answer should be :
A. Raise the forest functional level of admin.contoso.com.
B. Deploy Microsoft Identify Management (MIM) 2016 to admin.contoso.com.
Answer is A & B
“Privileged access management (PAM) using Microsoft Identity Manager (MIM)” is supported from Windows Server 2016 forest functional level
https://docs.microsoft.com/de-de/windows-server/identity/ad-ds/active-directory-functional-levels
Answers B and C are correct.
PAM Scenario: Active Directory for bastion environment PAM forest:
Windows Server 2012 R2 (NR)
Windows Server 2016 *
PAM Scenario: Active Directory for PAM scenario existing (CORP) forests:
Windows Server 2008
Windows Server 2008 R2 *
Windows Server 2012 *
Windows Server 2012 R2 *
Windows Server 2016 *
docs.microsoft.com/en-us/microsoft-identity-manager/microsoft-identity-manager-2016-supported-platforms
is’s tricky
contoso.com must be FFL 2012 R2
admin.contoso.com must be FFL 2016!!!
most guides do not pay attention to it becuase default FFL for WS2016 is 2016, so correct answers are:
Raise the forest functional level of admin.contoso.com.
Raise the forest functional level of contoso.com.
and then deploy mim 2016 to admin.contoso.com