According to the FortiAuthenticator Administration Guide2, “Windows Active Directory domain
authentication enables FortiAuthenticator to join a Windows Active Directory domain as a machine
entity and proxy authentication requests using Kerberos.” Therefore, option D is true because it
describes the purpose of enabling Windows Active Directory domain authentication on
FortiAuthenticator. Option A is false because FortiAuthenticator does not need Windows
administrator credentials to perform an LDAP lookup for a user search. Option B is false because
FortiAuthenticator does not use a Windows CA certificate when authenticating RADIUS users, but
rather its own CA certificate. Option C is false because FortiAuthenticator does not import users from
Windows AD, but rather synchronizes them using LDAP or FSSO.
