Prepare for Synchronization: AD Connect for Office 365

Synchronize Users from On-Premise Active Directory to Office 365

Question

You are the IT administrator of a company with an on-premise Active Directory domain named teststraining.local and an Office 365 tenant.

You own the domain teststraining.com, and you have added it to Office 365 as the primary domain.

Your Exchange solution is on premise, with the configured SMTP format user.name@teststraining.com.

Your users' UPN (User Principal Name) format is user.name@teststraining.local.

You now want to install AD Connect on a member server and synchronize your users to Office 365.

What should you do to prepare for the synchronization?

Answers

Explanations


Correct Answer: D

teststraining.local is a non-routable domain name which, if left unchanged, will synchronize your users to an .onmicrosoft.com domain.

You should therefore add teststraining.com as a new UPN suffix: open Active Directory Domains and Trusts, right-click Active Directory Domains and Trusts, choose Properties, and add the UPN suffix:

UPN Suffixes

The names of the current domain and the root domain are the default user principal name (UPN) suffixes. Adding alternative domain names provides additional logon security and simplifies user logon names.

If you want alternative UPN suffixes to appear during user creation, add them to the following list.

After you have added the new UPN suffix, you can change your users' UPN from @teststraining.local to @teststraining.com in the user properties in Active Directory Users and Computers.
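The same two steps can be scripted for many users. The following is an added example, not part of the original question or its answer key: it assumes the ActiveDirectory PowerShell module (RSAT) is available, and the -Apply switch is a hypothetical parameter of this script; without it every change runs as a -WhatIf dry run.

```powershell
# Added example. Domain names are taken from the scenario above.
# $Apply is a hypothetical switch of this script: omit it for a dry run.
param([switch]$Apply)

Import-Module ActiveDirectory

$OldSuffix = 'teststraining.local'   # non-routable suffix
$NewSuffix = 'teststraining.com'     # domain added to the Office 365 tenant

# Step 1: register the routable suffix at forest level (the scripted
# equivalent of the UPN Suffixes dialog in Domains and Trusts).
$forest = Get-ADForest
if ($forest.UPNSuffixes -notcontains $NewSuffix) {
    Set-ADForest -Identity $forest.Name -UPNSuffixes @{ Add = $NewSuffix } -WhatIf:(-not $Apply)
}

# Step 2: find every user still on the old suffix.
$users = Get-ADUser -LDAPFilter "(userPrincipalName=*@$OldSuffix)" -Properties mail

foreach ($u in $users) {
    $newUpn = ($u.UserPrincipalName -split '@')[0] + "@$NewSuffix"

    # A UPN must be unique in the forest: skip if the target is already taken.
    $clash = Get-ADUser -LDAPFilter "(userPrincipalName=$newUpn)"
    if ($clash) {
        Write-Warning "$newUpn already used by $($clash.SamAccountName); skipped"
        continue
    }

    # Flag accounts whose new UPN would not match the on-premise SMTP address.
    if ($u.mail -and $u.mail -ne $newUpn) {
        Write-Warning "$($u.SamAccountName): mail '$($u.mail)' differs from '$newUpn'"
    }

    Set-ADUser -Identity $u -UserPrincipalName $newUpn -WhatIf:(-not $Apply)
}
```

Review the dry-run output and the warnings first, then run again with -Apply before starting the AD Connect synchronization.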

Option A is incorrect.

There is no requirement for the AD Connect agent to be installed in a DMZ zone.

Option B is incorrect.

There is no need to group all users in one Organizational Unit.

When configuring the AD Connect installation, you can choose which OUs to synchronize (one or several).

Option C is incorrect.

You should change the UPN to match your users' SMTP addresses, but you must first add teststraining.com as a new UPN suffix under Active Directory Domains and Trusts.


Each answer option and its relevance to preparing for AD Connect synchronization in this scenario is explained below.

A. Make sure the AD connect agent is installed on an isolated server in a DMZ zone.

This option is not necessary in this scenario because AD Connect can be installed on any member server in the domain, and it does not require installation in a DMZ zone. AD Connect synchronizes information from Active Directory to Office 365 over secure channels, so it is not necessary to install it on a server in a DMZ zone. This option may be more relevant if the organization has specific security requirements or policies for deploying AD Connect.

B. Group all users that should be synchronized in one Organizational Unit.

This option is a best practice for preparing for AD Connect synchronization. Organizing all users who need to be synchronized into a single Organizational Unit (OU) makes it easier to manage and configure the synchronization. By default, AD Connect synchronizes all users in the domain, so grouping them into an OU ensures that only the required users are synchronized.

C. Change the UPN (User Principal Name) for all users to match their SMTP address.

This option is not necessary in this scenario because AD Connect can synchronize users with different UPN and SMTP addresses. If the UPN and SMTP address for a user are different, AD Connect can use a matching rule to determine the correct user account to synchronize. Changing the UPN for all users would require additional effort and may disrupt existing user authentication and authorization.

D. Add teststraining.com as a new UPN suffix in Active Directory Domains and Trusts.

This option is necessary in this scenario because AD Connect requires a matching UPN suffix to synchronize users to Office 365. By default, the users in the domain have a UPN suffix of teststraining.local, which is not the same as the primary domain in Office 365 (teststraining.com). To synchronize users, you need to add teststraining.com as a new UPN suffix in Active Directory Domains and Trusts and then update the UPN for each user to use the new suffix. Once the UPN suffix is updated, AD Connect can synchronize the users with their corresponding accounts in Office 365.