Prevent Research.fabrikam.com from Resyncing to Azure AD | Azure AD Connect Solution | AZ-300 Exam

Prevent Research.fabrikam.com from Resyncing to Azure AD

Prev Question Next Question

Question

Note: This question is part of series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.

After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

Your network contains an Active Directory forest named fabrikam.com. The forest contains two child domains named corp.fabrikam.com and research.fabrikam.com.

You have an Azure subscription that contains an Azure Active Directory (Azure AD) tenant named contoso.com.

You install Azure AD Connect and sync all the on-premises user accounts to the Azure AD tenant. You implement seamless single sign-on (SSO).

You plan to change the source of authority for all the user accounts in research.fabrikam.com to Azure AD.

You need to prevent research.fabrikam.com from resyncing to Azure AD.

Solution: You use the Synchronization Service Manager.

Does this meet the goal?

Answers

Explanations

Click on the arrows to vote for the correct answer

A. B.

B

Instead you should customize the default synchronization rule.

Note: The Synchronization Service Manager UI is used to configure more advanced aspects of the sync engine and to see the operational aspects of the service.

https://docs.microsoft.com/en-us/azure/active-directory/hybrid/how-to-connect-create-custom-sync-rule

The proposed solution of using the Synchronization Service Manager to prevent research.fabrikam.com from resyncing to Azure AD does not meet the goal. The Synchronization Service Manager is a tool used for managing and monitoring the synchronization process between on-premises Active Directory and Azure AD, but it does not provide a direct option to prevent a specific domain from syncing.

To prevent research.fabrikam.com from syncing to Azure AD, the best approach is to exclude this domain from the scope of Azure AD Connect. This can be achieved by modifying the Azure AD Connect synchronization rules to exclude the research.fabrikam.com domain.

To exclude a domain from the synchronization scope, follow these steps:

  1. Open the Azure AD Connect wizard on the server where it is installed.
  2. On the Welcome page, click Configure.
  3. On the Additional tasks page, select Customize synchronization options, and then click Next.
  4. On the Connect to your directories page, enter the credentials of an account that has permissions to manage the on-premises Active Directory, and then click Next.
  5. On the Domain and OU filtering page, select the domain you want to exclude from synchronization and click Edit.
  6. In the Edit Domain or OU dialog box, select the option to exclude the domain, and then click OK.
  7. Click Next to complete the wizard and save the changes.

After completing these steps, Azure AD Connect will no longer synchronize any objects from the research.fabrikam.com domain to Azure AD. This will prevent the domain from being resynced to Azure AD as required. Therefore, the correct answer is B (No), the proposed solution does not meet the goal.

Prev Question Next Question