What is the purpose of enabling Windows Active Directory Domain Authentication on FortiAuthenticator?

1. A. It enables FortiAuthenticator to use Windows administrator credentials to perform an LDAP lookup for a user search
2. B. It enables FortiAuthenticator to use a Windows CA certificate when authenticating RADIUS users
3. C. It enables FortiAuthenticator to import users from Windows AD
4. D. It enables FortiAuthenticator to register itself as a Windows trusted device to proxy authentication using Kerberos

Correct Answer: D
According to the FortiAuthenticator Administration Guide2, “Windows Active Directory domain authentication enables FortiAuthenticator to join a Windows Active Directory domain as a machine entity and proxy authentication requests using Kerberos.” Therefore, option D is true because it describes the purpose of enabling Windows Active Directory domain authentication on FortiAuthenticator. Option A is false because FortiAuthenticator does not need Windows administrator credentials to perform an LDAP lookup for a user search. Option B is false because FortiAuthenticator does not use a Windows CA certificate when authenticating RADIUS users, but rather its own CA certificate. Option C is false because FortiAuthenticator does not import users from Windows AD, but rather synchronizes them using LDAP or FSSO.