DRAG DROP
Your network contains two Active Directory forests named adatum.com and contoso.com. Both
forests contain multiple domains. A two-way trust exists between the forests.
The contoso.com domain contains a domain local security group named Group1. Group1 contains
Contoso\user1 and adatum\user1.
You need to ensure that Group1 can only contain users from the contoso.com domain.
Which three actions should you perform?
To answer, move three actions from the list of actions to the answer area and arrange them in the
correct order.
Answer: See the explanation
Explanation:
1) Remove adatum\user1 from Group1
2) Convert Group1 to a universal group
3) Convert Group1 to a global groupDomain local Groups that are used to grant permissions within a single domain. Members of domain
local groups can include only accounts (both user and computer accounts) and groups from the
domain in which they are defined.
———– to review………. Universal groups can only include objects from its own forest Groups can
have — domain local, built-in local, global, and universal. That is, the groups have different areas in
different scopes which they are valid.
A domain local group is a security or distribution group that can contain universal groups, global
groups, other domain local groups from its own domain, and accounts from any domain in the
forest. You can give domain local security groups rights and permissions on resources that reside
only in the same domain where the domain local group is located. A global group is a group that can
be used in its own domain, in member servers and in workstations of the domain, and in trusting
domains. In all those locations, you can give a global group rights and permissions and the global
group can become a member of local groups. However, a global group can contain user accounts
that are only from its own domain. A universal group is a security or distribution group that contains
users, groups, and computers from any domain in its forest as members. You can give universal
security groups rights and permissions on resources in any domain in the forest. Universal groups
are not supported.
Domain local -Groups that are used to grant permissions within a single domain. Members of
domain local groups can include only accounts (both user and computer accounts) and groups from
the domain in which they are defined. Built-in local – Groups that have a special group scope that
have domain local permissions and, for simplicity, are often referred to as domain local groups. The
difference between built-in local groups and other groups is that built-in local groups can’t be
created or deleted. You can only modify built-in local groups. References to domain local groups
apply to built-in local groups unless otherwise noted. Global – Groups that are used to grant
permissions to objects in any domain in the domain tree or forest. Members of global groups can
include only accounts and groups from the domain in which they are defined. Universal – Groups
that are used to grant permissions on a wide scale throughout a domain tree or forest. Members of
global groups include accounts and groups from any domain in the domain tree or forest.
Global to universal. This conversion is allowed only if the group that you want to change is not a
member of another global scope group. Domain local to universal. This conversion is allowed only if
the group that you want to change does not have another domain local group as a member.
Universal to global. This conversion is allowed only if the group that you want to change does not
have another universal group as a member. Universal to domain local. There are no restrictions for
this operation.
This question i broken. “The contoso.com domain contains a domain local security group named Group1. Group1 contains
Contoso\user1 and adatum\user1.” how is it even possible a user from other domain, can exist in i domain local security group, if it exists in contoso.com ? The answer is to remove adatum user as it is written now.
0
0
Maybe you should go back and touch up your basics and foundations…..
Domain local group can contain users from another trusted domain, including global and universal groups.
0
0
universal group is a security or distribution group that contains users, groups, and computers from any domain in its forest as members. You can give universal security groups rights and permissions on resources in any domain in the forest.
global group is a group that can be used in its own domain, in member servers and in workstations of the domain, and in trusting domains. In all those locations, you can give a global group rights and permissions and the global group can become a member of local groups. However, a global group can contain user accounts that are only from its own domain.
domain local group is a security or distribution group that can contain universal groups, global groups, other domain local groups from its own domain, and accounts from any domain in the forest. You can give domain local security groups rights and permissions on resources that reside only in the same domain where the domain local group is located.
0
0
It is possible for users of diff domains to exist in a single group , if a 2 way trust is set up , in such an instance it is usually one owner taking ownership of 2 companys each with their own domain , in other words trust is noty an issue , therefore it can be done , in order to reconcile this , user from adatum must be removed , tbhen the group can be converted , however it cannot be converted directly into a global group , it must first be converted into a universal group , then into a global , threby stopping anymore users from adatum to be able to be added
0
0