Your network contains two

Active Directory forests named contoso.com and adatum.com. All servers run Windows Server 2012 R2.

A one-way external trust exists between contoso.com and adatum.com.

Adatum.com contains a universal group named Group1. You need to prevent Group1 from bei

ng used to provide access to the resources in contoso.com.

What should you do?

A. Modify the Managed By settings ofGroup1.

B. Modify the Allowed to Authenticate permissions in adatum.com.

C. Change the type of Group1 to distribution.

D. Modify the name

of Group1.

Explanation:

Accounts that require access to the customer Active Directory will be granted aspecial right called Allowed to Authenticate. This right is then applied to computer objects (Active Directory domain controllers and AD RMS s

ervers) within the customer Active Directory to which the account needs access.

For users in a trusted WindowsServer 2008 or Windows Server 2003 domain or forest to be able to access resources in a trusting Windows Server 2008 or Windows Server 2003 domain

or forest where the trust authentication setting has been set to selective authentication, each user must be explicitly granted the Allowed to Authenticate permission on the security descriptor of the computer objects (resource computers) that reside in t

he trusting domain or forest.