Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You manage an Active Directory domain named contoso.local.
You install Azure AD Connect and connect to an Azure Active Directory (Azure AD) tenant named contoso.com without syncing any accounts.
You need to ensure that only users who have a UPN suffix of contoso.com in the contoso.local domain sync to Azure AD.
Solution: You use Azure AD Connect to customize the synchronization options.
Does this meet the goal?
A. Yes
B. No
Correct answer: B
Instead use Synchronization Rules Editor to create a synchronization rule.
Note: Filtering what objects are synced to Azure AD is a common request and there are many instances where filtering by OU just doesn't cut it. One option is to filter users by their UPN suffix so that only users with the public FQDN as their UPN suffix are synced to Azure AD (e.g., john.doe@acme.com would be synced while jane.doe@internal.acme.com would not).
Filtering can be configured using either the GUI (Synchronization Rules Editor) or PowerShell.
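A pre-change check for the UPN-suffix filter described above, as an added example that is not from the original page or the linked blog: it predicts which accounts an exact suffix match keeps in scope and flags accounts that a comparison omitting the `@` would also match. The function names, the `contoso.com` value and the sample UPNs are constructed for illustration.

```powershell
# Added example (not from the original page). Names and sample data are constructed.

function Test-UpnInSyncScope {
    param(
        [string]$UserPrincipalName,                     # may be empty for accounts with no UPN
        [Parameter(Mandatory)][string]$AllowedSuffix    # e.g. 'contoso.com', without the '@'
    )
    # Compare everything after the last '@' to the allowed suffix, case-insensitively.
    $at = $UserPrincipalName.LastIndexOf('@')
    if ($at -lt 1 -or $at -eq $UserPrincipalName.Length - 1) { return $false }
    $suffix = $UserPrincipalName.Substring($at + 1)
    return [string]::Equals($suffix, $AllowedSuffix, [System.StringComparison]::OrdinalIgnoreCase)
}

function Get-UpnSyncScopeReport {
    param(
        [string[]]$UserPrincipalName,
        [Parameter(Mandatory)][string]$AllowedSuffix
    )
    foreach ($upn in $UserPrincipalName) {
        $exact = Test-UpnInSyncScope -UserPrincipalName $upn -AllowedSuffix $AllowedSuffix
        # What a suffix comparison written without the '@' would decide.
        $naive = $upn.EndsWith($AllowedSuffix, [System.StringComparison]::OrdinalIgnoreCase)
        [pscustomobject]@{
            UserPrincipalName = $upn
            InScope           = $exact
            NaiveMatch        = $naive
            Mismatch          = ($exact -ne $naive)   # accounts a loose filter would sync by mistake
        }
    }
}

# Constructed sample input; on a domain-joined host with the ActiveDirectory module,
# (Get-ADUser -Filter *).UserPrincipalName can be passed instead.
$sampleUpns = @(
    'john.doe@contoso.com',
    'JOHN.SMITH@CONTOSO.COM',
    'jane.doe@contoso.local',
    'svc.backup@internal.contoso.com',
    'amy@notcontoso.com'
)

Get-UpnSyncScopeReport -UserPrincipalName $sampleUpns -AllowedSuffix 'contoso.com' |
    Format-Table -AutoSize
```

Rows with `Mismatch` set to True are the ones to review: they show why the value used in the filter should include the `@` (`@contoso.com`) rather than the bare domain.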
https://www.sidekicktech.com/blog/field-notes/2019/upn-suffix-filtering-ad-connect/
The given scenario describes a situation where an organization, Contoso, has an on-premises Active Directory (AD) domain named contoso.local, and they want to synchronize user accounts to Azure AD, which is hosted in the cloud under the domain name contoso.com. However, they only want to sync users who have a User Principal Name (UPN) suffix of contoso.com in their on-premises domain.
To achieve this, the solution proposed is to use Azure AD Connect, which is a tool that helps to synchronize objects between on-premises AD and Azure AD. The solution suggests customizing the synchronization options of Azure AD Connect to filter users based on their UPN suffix.
The proposed solution is correct, and it meets the given goal. Azure AD Connect provides different options for customizing the synchronization process, such as filtering objects, mapping attributes, and configuring password synchronization. In this case, the focus is on filtering users based on their UPN suffix. This can be achieved by selecting the appropriate filtering option in the Azure AD Connect configuration wizard.
By default, Azure AD Connect synchronizes all user accounts from the on-premises domain to Azure AD. However, with the filtering option, it is possible to restrict the synchronization to a specific subset of users, such as those who have a specific UPN suffix. This can help to minimize the number of unnecessary objects that are synced to Azure AD, reducing the risk of security breaches or compliance violations.
In summary, the proposed solution to use Azure AD Connect to customize the synchronization options to filter users based on their UPN suffix is correct, and it meets the given goal. Therefore, the answer is A. Yes.