Configure the Active Directory Infrastructure

Posted on

These questions are based on 70-640 – TS: Windows Server 2008 Active Directory, Configuring
Self Test Software Practice Test


Objective: Configure the Active Directory infrastructure.
Sub-objective: Configure trusts.


Single answer, multiple-choice


You are the administrator of your company’s Windows Server 2008 single Active Directory forest. The forest consists of one domain, named verigon.com. All servers on the domain run Windows Server 2008, and all client computers run Windows Vista. The functional level of the network is Windows Server 2008. Verigon has decided to purchase a company called DreamSuites. The DreamSuites company network consists of a single Windows Server 2003 domain, named dreamsuites.com.


The users in the sales department of Verigon need to access files from the sales department on several servers of DreamSuites. The server at DreamSuites is named Server1. You must configure access for Verigon’s users, but DreamSuites users must not be allowed access to Verigon. What should you do?



  1. Configure a one-way external trust where dreamsuites.com trusts verigon.com.
  2. Configure a one-way external trust where verigon.com trusts dreamsuites.com.
  3. Configure a one-way shortcut trust between the dreamsuites.com domain and the verigon.com domain.
  4. Configure a one-way shortcut trust between the verigon.com domain and the dreamsuites.com domain.

Answer:
A. Configure a one-way external trust where dreamsuites.com trusts verigon.com.


Tutorial:
You should configure a one-way external trust where dreamsuites.com trusts verigon.com. A one-way external trust will allow an explicit trust to be created between a Windows Server 2008 forest and a Windows Server 2003 domain. The domain providing access to the resource is configured as the trusting domain, and the domain supporting the users who will gain access to the resources is configured as the trusted domain. To allow users to access resources on Server1 in the dreamsuites.com domain, the dreamsuites.com domain must trust verigon.com domain.


With outgoing forest and external trusts, you can specify either selective or domain-wide authentication. Domain-wide authentication provides users from a trusted domain the same level of access to local resources as users from the local forest. Selective authentication allows users from a trusted domain to authenticate only to those resources they are explicitly allowed to authenticate. In this scenario, the sales department at Verigon needs to access sales department files on several DreamSuites servers.


You can configure domain-wide authentication since the Verigon users need access to several resources. If the Verigon users needed access to a single server, you could use Selective authentication to ensure Verigon users only had access to the single server.


You should not configure a one-way external trust where verigon.com trusts dreamsuites.com. This action will allow the users at dreamsuites.com to access resources in the verigon.com domain. This is opposite of the objectives stated in the scenario.


You cannot configure a one-way shortcut trust between the dreamsuites.com domain and the verigon.com domain. A shortcut trust is configured to allow access to resources between two domains that are logically distant from each other in the Active Directory tree. These domains must reside in the same Active Directory forest, which verigon.com and dreamsuites.com do not.


Reference:
Windows Server TechCenter > Windows Server 2003 Technical Library > Windows Server 2003: Product Help > Windows Server 2003 Product Help > Active Directory > Active Directory Concepts > Understanding Active Directory > Understanding Trusts > Trust types


Windows Server TechCenter > Windows Server 2003 Technical Library > Windows Server 2003: Technical Reference > Windows Server 2003 Technical Reference > Technologies Collections > Windows Security Collection > Trust Technologies > Domain and Forest Trusts Technical Reference > What Are Domain and Forest Trusts?


Windows Server TechCenter > Windows Server 2003 Technical Library > Windows Server 2003: Technical Reference > Windows Server 2003 Technical Reference > Technologies Collections > Windows Security Collection > Trust Technologies > Domain and Forest Trusts Technical Reference > Domain and Forest Trust Tools and Settings

Like what you see? Share it.Share on Google+Share on LinkedInShare on FacebookShare on RedditTweet about this on TwitterEmail this to someone
cmadmin

ABOUT THE AUTHOR

Posted in Archive|

Comment: