PrepAway - Latest Free Exam Questions & Answers

which group should you add the users?

Your network contains two Active Directory forests named contoso.com and fabrikam.com.
Each forest contains one domain. A two-way forest trust exists between the forests.
You plan to add users from fabrikam.com to groups in contoso.com.
You need to identify which group you must use to assign users in fabrikam.com access to
the shared folders in contoso.com.
To which group should you add the users?

PrepAway - Latest Free Exam Questions & Answers

A.
Group 1: Security Group – Domain Local.

B.
Group 2: Distribution Group – Domain Local.

C.
Group 3: Security Group – Global.

D.
Group 4: Distribution Group – Global.

E.
Group 5: Security Group – Universal.

F.
Group 6: Distribution Group – Universal.

Explanation:
http://technet.microsoft.com/en-us/library/cc772808.aspx
Best practices for using security groups across forests
By carefully using domain local, global, and universal groups, administrators can more
effectively control access to resources located in other forests. Consider the following best
practices:
To represent the sets of users who need access to the same types of resources, create rolebased global groups in every domain and forest that contains these users. For example,
users in the Sales Department in ForestA require access to an order-entry application that is
a resource in ForestB. Account Department users in ForestA require access to the same
application, but these users are in a different domain. In ForestA, create the global group
SalesOrder and add users in the Sales Department to the group.
Create the global group AccountsOrder and add users in the Accounting Department to that
group.
To group the users from one forest who require similar access to the same resources in a
different forest, create universal groups that correspond to the global group roles. For
example, in ForestA, create a universal group called SalesAccountsOrders and add the
global groups SalesOrder and AccountsOrder to the group.
To assign permissions to resources that are to be accessed by users from a different forest,
create resource-based domain local groups in every domain and use these groups to assign
permissions on the resources in that domain. For example, in ForestB, create a domain local
group called
OrderEntryApp. Add this group to the access control list (ACL) that allows access to the
order entry application, and assign appropriate permissions.
To implement access to a resource across a forest, add universal groups from trusted
forests to the domain local groups in the trusting forests. For example, add the
SalesAccountsOrders universal group from ForestA to the OrderEntryApp domain local
group in ForestB.


Leave a Reply