Exam MS-102 topic 1 question 29 discussion

It is D. Global security groups from your on-premises AD are synchronized to Azure AD, and they retain their membership and other attributes during the synchronization process. This means that if you have global security groups defined in your on-premises AD and these groups contain users or other groups, the membership information will be replicated to Azure AD. Disabled user accounts are also synchronized: https://learn.microsoft.com/en-us/answers/questions/233667/will-azure-ad-connect-sync-disabled-user-accounts

Here's the reasoning: Azure AD Connect synchronizes enabled user accounts and groups by default. From the table (as described in your previous question context): Group1 is a global security group – ✅ Syncs User1 is an enabled user account – ✅ Syncs User2 is a disabled user account – ❌ Does not sync by default Therefore: Group1: ✅ Yes User1: ✅ Yes User2: ❌ No Final answer: C. Group1 and User1 only ______________________________________

Es correcta

https://learn.microsoft.com/pt-br/training/modules/manage-synchronized/1-introduction

Disabled Accounts sync. https://learn.microsoft.com/en-us/entra/identity/hybrid/connect/concept-azure-ad-connect-sync-user-and-contacts#disabled-accounts

Its D. Yes, disabled accounts do get synchronized via Azure AD Connect to Azure AD. By default, Azure AD Connect will sync all objects, including those that are disabled in your on-premises Active Directory, unless they are filtered out by configuration settings

The correct answer is D. Group1, User1 and User2. Azure AD Connect synchronizes all Active Directory objects that meet the following criteria: Object type: Azure AD Connect synchronizes user and group objects only. **Sync scope:** Azure AD Connect only syncs objects that are in the configured sync scope. Sync filter: Azure AD Connect only syncs objects that meet the configured sync filters. In the scenario described, there are no sync filters or sync scope configured. Therefore, Azure AD Connect will synchronize all user and group objects in the contoso.com domain. Details: Group1: It is a global security group, which is a type of object synchronized by Azure AD Connect. User1: It is an enabled user account, which is an object type synchronized by Azure AD Connect. User2: It is a disabled user account. Azure AD Connect syncs disabled user accounts by default. Therefore, all three objects will be synchronized with Azure AD.

All will sync, the question has NO context whatsoever. If it mentioned filtering at all, this question would change. In my tenant, we have 2x OUs, one for shared mailbox retaining and one for fully disabled users. Remove one and keep the other to prevent sync errors

All will sync, you can specify in AD Connect what you don't want to sync. In this case, nothing was mentioned so all will automatically sync

Only Group1 and User1 will sync to Azure AD in this scenario.

As stated here; https://learn.microsoft.com/en-us/azure/active-directory/hybrid/connect/concept-azure-ad-connect-sync-user-and-contacts#disabled-accounts The answer is D

Real Question in exam

Azure AD Connect will sync both user accounts and security groups. However, by default, it does not sync disabled user accounts.

C. Group1 and User1 only User 2 is a disabled account

Builtin security groups are listed here (https://learn.microsoft.com/en-us/windows-server/identity/ad-ds/manage/understand-security-groups#default-active-directory-security-groups) and Global security group is not part of that list therefore it will be synchronised. ANSWER IS D

In this conversation not much is clarified, for me the answer is B https://www.examtopics.com/discussions/microsoft/view/48837-exam-ms-100-topic-3-question-77-discussion/

From https://learn.microsoft.com/en-us/azure/active-directory/hybrid/connect/concept-azure-ad-connect-sync-user-and-contacts Azure AD Connect excludes built-in security groups from directory synchronization. Disabled accounts are synchronized as well to Azure AD