ExamTopics Logo
Mail Us[email protected]
Menu
Microsoft Discussions
exam questions

Exam 70-413 All Questions

View all questions & answers for the 70-413 exam
Go to Exam

Exam 70-413 topic 1 question 75 discussion

Actual exam question from Microsoft's 70-413
Question #: 75
Topic #: 1
[All 70-413 Questions]

Your network contains an Active Directory domain named contoso.com. The functional level of the domain and the forest is Windows Server 2008 R2.
All domain controllers run Windows Server 2008 R2.
You plan to deploy a new line-of-business application named App1 that uses claims-based authentication.
You need to recommend changes to the network to ensure that Active Directory can provide claims for App1.
What two changes should you include in the recommendation? Each correct answer presents part of the solution.

  • A. From the properties of the computer accounts of the domain controllers, enable Kerberos constrained delegation.
  • B. From the Default Domain Controllers Policy, enable the Support for Dynamic Access Control and Kerberos armoring setting.
  • C. Deploy Active Directory Lightweight Directory Services (AD LDS).
  • D. Raise the domain functional level to Windows Server 2012.
  • E. Add domain controllers that run Windows Server 2012.
Show Suggested Answer Hide Answer
Suggested Answer: BE 🗳️
E: You must perform several steps to enable claims in Server 2012 AD. First, you must upgrade the forest schema to Server 2012. You can do so manually through Adprep, but Microsoft strongly recommends that you add the AD DS role to a new Server 2012 server or upgrade an existing DC to Server 2012.
B: Once AD can support claims, you must enable them through Group Policy:
✑ From the Start screen on a system with AD admin rights, open Group Policy Management and select the Domain Controllers Organizational Unit (OU) in the domain in which you wish to enable claims.
✑ Right-click the Default Domain Controllers Policy and select Edit.
✑ In the Editor window, drill down to Computer Configuration, Policies, Administrative Templates, System, and KDC (Key Distribution Center).
✑ Open KDC support for claims, compound authentication, and Kerberos armoring.
Select the Enabled radio button. Supported will appear under Claims, compound authentication for Dynamic Access Control and Kerberos armoring options


Reference:
Enable Claims Support in Windows Server 2012 Active Directory http://windowsitpro.com/windows-server-2012/enable-claims-support-windows-server2012-active-directory
by [deleted] at April 4, 2025, 9:32 a.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
Currently there are no comments in this discussion, be the first to comment!
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel