ExamTopics Logo
Mail Us[email protected]
Menu
Microsoft Discussions
exam questions

Exam AZ-103 All Questions

View all questions & answers for the AZ-103 exam
Go to Exam

Exam AZ-103 topic 5 question 6 discussion

Actual exam question from Microsoft's AZ-103
Question #: 6
Topic #: 5
[All AZ-103 Questions]

HOTSPOT -
Your network contains an Active Directory domain named adatum.com and an Azure Active Directory (Azure AD) tenant named adatum.onmicorosft.com.
Adatum.com contains the user accounts in the following table.

Adatum.onmicrosoft.com contains the user accounts in the following table.

You need to implement Azure AD Connect. The solution must follow the principle of least privilege.
Which user accounts should you use? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Hot Area:

Show Suggested Answer Hide Answer
Suggested Answer:
Box 1: User5 -
In Express settings, the installation wizard asks for the following:
AD DS Enterprise Administrator credentials
Azure AD Global Administrator credentials
The AD DS Enterprise Admin account is used to configure your on-premises Active Directory. These credentials are only used during the installation and are not used after the installation has completed. The Enterprise Admin, not the Domain Admin should make sure the permissions in Active Directory can be set in all domains.

Box 2: UserA -
Azure AD Global Admin credentials are only used during the installation and are not used after the installation has completed. It is used to create the Azure AD
Connector account used for synchronizing changes to Azure AD. The account also enables sync as a feature in Azure AD.
Reference:
https://docs.microsoft.com/en-us/azure/active-directory/connect/active-directory-aadconnect-accounts-permissions
by Cloudyuga at May 17, 2020, 5:11 p.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
macco455
Highly Voted 4 years, 12 months ago
Answer is correct. They try to trick you by saying use least privilege, but in this case least privilege is the most privilege
upvoted 7 times
...
PM2
Highly Voted 5 years ago
Correct Answer
upvoted 5 times
...
lehrie
Most Recent 4 years, 7 months ago
answer is correct. https://docs.microsoft.com/en-us/azure/active-directory/hybrid/reference-connect-accounts-permissions#express-settings-installation
upvoted 2 times
Preeto18
3 years, 8 months ago
perfect :) Thank you for sharing the link...answer B is correct guys !
upvoted 1 times
...
...
Dizar
4 years, 10 months ago
Question 1, User 1 might be able to do the job. In question 1, considering it's a 1 domain forest "User1" which is Domain admins might be able to do the job. This is what the account is used for: Creates the AD DS Connector account in Active Directory and grants permissions to it. This created account is used to read and write directory information during synchronization.
upvoted 1 times
...
Cloudyuga
5 years ago
second Box Adatum.onmicrosoft.com is correct answer we need Azure AD Global Administrator account: used to create the Azure AD Connector account and configure Azure AD. First Box not sure ..!!
upvoted 2 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel