ExamTopics Logo
Mail Us[email protected]
Menu
Microsoft Discussions
exam questions

Exam AZ-303 All Questions

View all questions & answers for the AZ-303 exam
Go to Exam

Exam AZ-303 topic 1 question 25 discussion

Actual exam question from Microsoft's AZ-303
Question #: 25
Topic #: 1
[All AZ-303 Questions]

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You manage an Active Directory domain named contoso.local.
You install Azure AD Connect and connect to an Azure Active Directory (Azure AD) tenant named contoso.com without syncing any accounts.
You need to ensure that only users who have a UPN suffix of contoso.com in the contoso.local domain sync to Azure AD.
Solution: You use Azure AD Connect to customize the synchronization options.
Does this meet the goal?

  • A. Yes
  • B. No
Show Suggested Answer Hide Answer
Suggested Answer: B 🗳️
Instead use Synchronization Rules Editor to create a synchronization rule.
Note: Filtering what objects are synced to Azure AD is a common request and there are many instances where filtering by OU just doesn't cut it. One option is to filter users by their UPN suffix so that only users with the public FQDN as their UPN suffix are synced to Azure AD (e.g., [email protected] would be synced while [email protected] would not).
Filtering can be configured using either the GUI (Synchronization Rules Editor) or PowerShell.
Reference:
https://www.sidekicktech.com/blog/field-notes/2019/upn-suffix-filtering-ad-connect/
by andyR at Nov. 4, 2020, 6:37 p.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
kcinofni
Highly Voted 4 years, 5 months ago
Correct B: https://docs.microsoft.com/en-us/azure/active-directory/hybrid/how-to-connect-sync-configure-filtering#outbound-filtering
upvoted 31 times
IvanDan
4 years, 5 months ago
Agree “ In this example, you change the filtering so that only users that have both their mail and userPrincipalName ending in @contoso.com are synchronized: Sign in to the server that is running Azure AD Connect sync by using an account that is a member of the ADSyncAdmins security group. Start Synchronization Rules Editor from the Start menu.” So the B is correct
upvoted 6 times
...
IvanDan
4 years, 5 months ago
The information quoted is from the link pasted by @kcinofni
upvoted 2 times
...
...
buanilk
Highly Voted 4 years, 5 months ago
In AD connect one can only select the OU to be sync and for the UPN selection one has to do in sync editor.
upvoted 16 times
tita_tovenaar
3 years, 9 months ago
that’s maybe the tricky part … they call it UPN but it’s actually just a difference in OUs and so AD connect should be sufficient.
upvoted 2 times
...
...
KemalM
Most Recent 3 years, 2 months ago
Selected Answer: B
use Synchronization Rules Editor
upvoted 1 times
...
plmmsg
3 years, 8 months ago
No. use Synchronization Rules Editor
upvoted 1 times
...
syu31svc
3 years, 8 months ago
I will go for A In Azure AD Connect sync, you can enable filtering at any time. By using filtering, you can control which objects appear in Azure Active Directory (Azure AD) from your on-premises directory. https://docs.microsoft.com/en-us/azure/active-directory/hybrid/whatis-azure-ad-connect https://docs.microsoft.com/en-us/azure/active-directory/hybrid/how-to-connect-sync-configure-filtering#attribute-based-filtering
upvoted 1 times
syu31svc
3 years, 8 months ago
Sorry disregard my previous post Answer is B
upvoted 3 times
...
...
MinhajR
3 years, 8 months ago
On Exam 27/08/2021
upvoted 2 times
...
tita_tovenaar
3 years, 9 months ago
sorry, correct A: “ There are two ways to select the domains to be synchronized: - Using the Synchronization Service - Using the Azure AD Connect wizard.” https://docs.microsoft.com/en-us/azure/active-directory/hybrid/how-to-connect-sync-configure-filtering#outbound-filtering
upvoted 1 times
...
Amit3
3 years, 11 months ago
On Exam 11-Jun-21, Answer is B.
upvoted 1 times
...
Mucker973
3 years, 11 months ago
very misleading question, is this on an exam anywhere exactly worded the same? In my mind the "Azure AD connect" in the context of this question is the same thing as the "rules editor". I knew it was there were you do it, I just thought the question when that GUI when they said "azure AD connect"
upvoted 3 times
pentium75
3 years, 10 months ago
I think "Azure AD Connect" is the whole sync tool. But this kind of filter can NOT be done in the sync OPTIONS (where you specify how often to run etc.) but in the RULES editor. Though both, options AND rules, are maintained with the same tool called Azure AD Connect.
upvoted 3 times
...
...
Mucker973
3 years, 11 months ago
very misleading question, is this on an exam anywhere exactly worded the same? In my mind the "Azure AD connect" in the context of this question is the same thing as the "rules editor". I knew it was there were you do it, I just thought the question when that GUI when they said "azure AD connect"
upvoted 2 times
...
pgx7
4 years ago
Correct is B : you need to use Synchronization Rules Editor - Some guys says that A is correct because you could configure Domain-based filtering using Sync service configuration : while that is true, this is not what is asked in this question - It is not asked to filter a Domain (Child domains for exemple in a forest) but to filter from a Specfic UPN in a domain - And the only supported way to do that is to configure synchonization Rules (add new ones, don't modify default ones)
upvoted 4 times
...
Krsto
4 years, 2 months ago
By default, all domains and organizational units (OUs) are synchronized. If you don't want to synchronize some domains or OUs to Azure AD, you can clear the appropriate selections. https://docs.microsoft.com/en-us/azure/active-directory/hybrid/how-to-connect-install-custom#domain-and-ou-filtering So the answer is A
upvoted 3 times
...
Sumbasa
4 years, 3 months ago
Answer B - I understand when someone chose A, but in this case we already installed AD Connect, so if I would be the admin I would choose the Synch. Rules Editor instead of going through the wizard again.
upvoted 5 times
...
satbim
4 years, 4 months ago
Based on the reading, it can be achieved using AD connect or synchronisation rule editor but with AD connect, u need to run the installation wizard again. I would prefer to go with B keeping this in mind.
upvoted 4 times
BigR
4 years, 2 months ago
yes but it still meet the goal with using AD Connect. I go for A
upvoted 2 times
...
...
moumugdha
4 years, 4 months ago
According to me it will be A.
upvoted 2 times
...
mtk93
4 years, 4 months ago
B - the given answer are correct. you need the rule editor. Watch next question.
upvoted 5 times
AWS56
4 years, 3 months ago
Agree, I will go with B
upvoted 2 times
...
...
sejalo
4 years, 4 months ago
Answer should be B If you refer Positive filtering: "only sync these" under this url, it is stated clearly that Sync Rule edition is required. https://docs.microsoft.com/en-us/azure/active-directory/hybrid/how-to-connect-sync-configure-filtering#configure-attribute-based-filtering
upvoted 3 times
...
Load full discussion...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel
exam
Someone Bought Contributor Access for:
SY0-701
London, 1 minute ago