PrepAway - Latest Free Exam Questions & Answers

You need to ensure that User1 can log on to the computer in the nwtraders.com domain

Your network contains two Active Directory forests. One forest contains two domains named
contoso.com and na.contoso.com. The other forest contains a domain named
nwtraders.com. A forest trust is configured between the two forests.
You have a user named User1 in the na.contoso.com domain. User1 reports that he fails to
log on to a computer in the nwtraders.com domain by using the user name NA\User1.
Other users from na.contoso.com report that they can log on to the computers in the
nwtraders.com domain.
You need to ensure that User1 can log on to the computer in the nwtraders.com domain.
What should you do?

PrepAway - Latest Free Exam Questions & Answers

A.
Enable selective authentication over the forest trust.

B.
Create an external one-way trust from na.contoso.com to nwtraders.com.

C.
Instruct User1 to log on to the computer by using his user principal name (UPN).

D.
Instruct User1 to log on to the computer by using the user name nwtraders\User1.

Explanation:
http://apttech.wordpress.com/2012/02/29/what-is-upn-and-why-to-use-it/
What is UPN and why to use it?

UPN or User Principal Name is a logon method of authentication when you enter the
credentials as username@domainname.com instead of Windows authentication method:
domainname\username to be used as login.
So UPN is BASICALLY a suffix that is added after a username which can be used in place of
“Samaccount” name to authenticate a user. So lets say your company is called ABC, then
instead of ABC\Username you can use username@ABC.com at the authentication popup.
The additional UPN suffix can help users to simplify the logon information in long domain
names with an easier name. Example: instead of
username@this.is.my.long.domain.name.in.atlanta.com”, change it to
“username@atlanta”, if you create an UPN suffix called Atlanta.
http://blogs.technet.com/b/mir/archive/2011/06/12/accessing-resources-across-forest-andachieve-single-signon-part1.aspx
Accessing Resources across forest and achieve Single Sign ON (Part1)
http://technet.microsoft.com/en-us/library/cc772808%28v=ws.10%29.aspx
Accessing resources across forests

When a forest trust is first established, each forest collects all of the trusted namespaces in
its partner forest and stores the information in a TDO. Trusted namespaces include domain
tree names, user principal name (UPN) suffixes, service principal name (SPN) suffixes, and
security ID (SID) namespaces used in the other forest. TDO objects are replicated to the
global catalog.


Leave a Reply