###BeginCaseStudy###
Topic 4, A.Datum
Background
General Background
You are a SharePoint administrator for A. Datum Corporation. A. Datum is a large legal firm with offices
in Chicago, New York, and London. A. Datum is merging with a smaller legal firm named Fabrikam, Inc.
Technical Background
A)
Datum has an Active Directory Domain Services (AD DS) domain named adatum.com. The domain
contains an Active Directory Rights Management Services (AD RMS) server.
The A. Datum SharePoint environment includes the sites described in the following table.
The A. Datum SharePoint environment contains two servers that run all SharePoint services. The servers
run Windows Server 2012 and are members of the domain. A third-party file-level antivirus application
runs on all servers in the domain. The adatum.com farm uses Microsoft SQL Server 2012 for the
SharePoint databases.
A)
Datum is planning a three-tier SharePoint farm to replace the existing farm. A firewall will be placed
between each tier. All servers must be virtualized unless otherwise specified. The following servers are
available for the new SharePoint environment:
All user accounts are stored in and maintained by using Active Directory. The My Site portal and
document portal SharePoint sites receive user and group membership information by using ActiveDirectory synchronization. New users often have to wait more than 24 hours before they can view their
user profile information.
Fabrikam has an AD DS domain named fabrikam.com and a single-server SharePoint environment.
Web Applications
A new remote web application named App1 will be hosted in the adatum.com domain. App1 will require
access to SharePoint resources in the fabrikam.com domain. SharePoint administrators in the
fabrikam.com domain must be able to administer App1 by using Windows PowerShell.
Technical Requirements
You must meet the following technical requirements:
Fabrikam users must be able to directly access internal SharePoint
resources in the adatum.com domain.
Datum users must not be able to access resources in the fabrikam.com
domain.
All documents relating to the merger must contain a barcode, and must
be protected from distribution.
Authenticated users must not be prompted for credentials when they
access App1.
Users in the adatum.com domain must be able to access all SharePoint
sites the same day they receive their Active Directory account credentials.
When a user account is deleted, the user’s personal site collection must
automatically be removed within 12 hours.
The antivirus application must not scan SharePoint directories.
When migrating the SharePoint environment, you must meet the following requirements:
The application and database servers must not be accessible from the
Internet.
The database servers must accept connections only from the SharePoint
servers.
The database servers must be physical machines running Windows
Server 2012 with direct access to storage.
The database servers must be configured for redundancy.
All database transaction logs must be sent off-site.
All SharePoint installation prerequisites must be installed offline.
###EndCaseStudy###
DRAG DROP
You need to configure cross-forest authentication.
How should you configure the authentication? (To answer, drag the appropriate trust element to the
correct target in the answer area. Each trust element may be used once, more than once, or not at all.
You may need to drag the split bar between panes or scroll to view content.)
Answer: 
Explanation:
Note:
* From scenario:
/ Fabrikam has an AD DS domain named fabrikam.com
/ Fabrikam users must be able to directly access internal SharePoint resources in the adatum.com
domain.
/ Datum users must not be able to access resources in the fabrikam.com domain.
* A.Datum need to Trust Fabrikam (as Fabrikam need to access resources in A.Datum) so A.Datum is the
source and Fabrikam the destination.
* A one-way, outgoing, forest trust allows resources in your Windows Server 2008 forest or Windows
Server 2003 forest (the forest that you are logged on to at the time that you run the New Trust Wizard)
to be accessed by users in another Windows Server 2008 forest or Windows Server 2003 forest. For
example, if you are the administrator of the wingtiptoys.com forest and resources in that forest need to
be accessed by users in the tailspintoys.com forest, you can use this procedure to establish one side ofthe relationship so that users in the tailspintoys.com forest can access resources in any of the domains
that make up the wingtiptoys.com forest. Create a One-Way, Outgoing, Forest Trust for One Side of the Trust