Your network contains two Active Directory forests named contoso.com and adatum.com. Active Directory
Rights Management Services (AD RMS) is deployed in contoso.com. An AD RMS trusted user domain (TUD)
exists between contoso.com and adatum.com.
From the AD RMS logs, you discover that some clients that have IP addresses in the adatum.com forest are
authenticating as users from contoso.com.
You need to prevent users from impersonating contoso.com users.
What should you do?

A.
Configure trusted e-mail domains.

B.
Enable lockbox exclusion in AD RMS.

C.
Create a forest trust between adatum.com and contoso.com.

D.
Add a certificate from a third-party trusted certification authority (CA).