Question

You want to use the new features of Key Distribution Center (KDC) support for claims, compound authentication, and Kerberos armoring in your domain. What must you do first? (Choose two answers)

A) Raise the domain functional level to Windows Server 2008 R2

B) Raise the domain functional level to Windows Server 2012

C) Install at least one Windows Server 2012 domain controller

D) Retire all Windows 2000 Server member servers

Answer 1

To use the new KDC features like claims, compound authentication, and Kerberos armoring in a domain, the domain functional level must be raised to Windows Server 2012 and at least one Windows Server 2012 domain controller must be installed.

Step-by-step explanation:

If you aim to use the new features of Key Distribution Center (KDC) such as claims, compound authentication, and Kerberos armoring in your domain, you must take a few steps first. These advanced features are part of the Active Directory domain services in Windows Server 2012 and later, and therefore, to leverage these capabilities, you will need to:

1. Raise the domain functional level to Windows Server 2012. This is essential because the new features of KDC are supported starting with this version of Windows Server.
2. Install at least one Windows Server 2012 domain controller in your existing domain. This is because a domain controller running this version or later is required to provide the functionality associated with claims, compound authentication, and Kerberos armoring.

Note that simply raising the domain functional level without having a Windows Server 2012 domain controller will not enable these features. Similarly, having a Windows Server 2012 domain controller but not raising the domain functional level to at least Windows Server 2012 will also not suffice. Therefore, both actions are mutually dependent and necessary to enable the new KDC features.