ExamTopics Logo
Mail Us[email protected]
Menu
Microsoft Discussions
exam questions

Exam AZ-303 All Questions

View all questions & answers for the AZ-303 exam
Go to Exam

Exam AZ-303 topic 1 question 27 discussion

Actual exam question from Microsoft's AZ-303
Question #: 27
Topic #: 1
[All AZ-303 Questions]

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You manage an Active Directory domain named contoso.local.
You install Azure AD Connect and connect to an Azure Active Directory (Azure AD) tenant named contoso.com without syncing any accounts.
You need to ensure that only users who have a UPN suffix of contoso.com in the contoso.local domain sync to Azure AD.
Solution: You use the Synchronization Service Manager to modify the Active Directory Domain Services (AD DS) Connector.
Does this meet the goal?

  • A. Yes
  • B. No
Show Suggested Answer Hide Answer
Suggested Answer: B 🗳️
Instead use Synchronization Rules Editor to create a synchronization rule.
Note: Filtering what objects are synced to Azure AD is a common request and there are many instances where filtering by OU just doesn't cut it. One option is to filter users by their UPN suffix so that only users with the public FQDN as their UPN suffix are synced to Azure AD (e.g., [email protected] would be synced while [email protected] would not).
Filtering can be configured using either the GUI (Synchronization Rules Editor) or PowerShell.
Reference:
https://www.sidekicktech.com/blog/field-notes/2019/upn-suffix-filtering-ad-connect/
by fudu101 at Nov. 8, 2020, 9:10 p.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
jamhaneef
Highly Voted 4 years, 6 months ago
People are upvoting even the wrong answers.. This question is simple. Its B not A. For attribute based filtering - Rules editor For Domain filtering - Service manager.. thats it
upvoted 43 times
heany
4 years, 5 months ago
only clear and right answer here.
upvoted 2 times
...
Joygant
4 years, 4 months ago
This is a great answer. But cannot the said asked be achieved through Domain filtering? It looks like talking about UPN suffix which is most of the cases domain name only, right? Can you please help explaining this part?
upvoted 1 times
...
...
buanilk
Highly Voted 4 years, 8 months ago
correct answer is NO. https://www.youtube.com/watch?v=I2PISfrM0Kk
upvoted 15 times
...
KemalM
Most Recent 3 years, 5 months ago
Selected Answer: B
use Synchronization Rules Editor
upvoted 1 times
...
syu31svc
3 years, 11 months ago
Answer is No https://docs.microsoft.com/en-us/azure/active-directory/hybrid/how-to-connect-create-custom-sync-rule
upvoted 1 times
...
jamhaneef
4 years, 6 months ago
Already given answers are wrong and even people who comment are also wrong.. Please please study do lab and then comment. One thing is dont upvote if you dont know if the answer is correct
upvoted 6 times
...
SubeeshBC
4 years, 6 months ago
Many have quoted this URL:https://docs.microsoft.com/en-us/azure/active-directory/hybrid/how-to-connect-sync-configure-filtering#configure-attribute-based-filtering It clearly says in the "outbound filtering" part that you need to use "Synchronization Rule Editor" to achieve this specific result. Answer should be No
upvoted 3 times
...
heany
4 years, 6 months ago
The answer is No. The key difference from the rule editor is that the list in sync service manager is based on existing domains in on-prem active directory ( you have to refresh to get the updated list) . Once new domains added, the configuration cannot make sure the filtering. Only the rule editor can make sure all identity with UPN suffix will be filtered
upvoted 5 times
...
Ramkid
4 years, 6 months ago
The explanation in the given answer talks about the filtering. But the question is about the DS connection modification. Looking into the below link, I think the correct answer is yes, means the synchronisation service manager can be used to modify the DS connectors. https://docs.microsoft.com/fr-fr/azure/active-directory/hybrid/how-to-connect-sync-service-manager-ui
upvoted 1 times
...
moumugdha
4 years, 7 months ago
B will be the correct one
upvoted 4 times
...
sejalo
4 years, 7 months ago
If you refer Positive filtering: "only sync these" under this url, it is stated clearly that Sync Rule edition is required. https://docs.microsoft.com/en-us/azure/active-directory/hybrid/how-to-connect-sync-configure-filtering#configure-attribute-based-filtering
upvoted 2 times
...
Lucky1983
4 years, 7 months ago
Answer is A - Yes There are two ways to select the domains to be synchronized: - Using the Synchronization Service - Using the Azure AD Connect wizard.
upvoted 2 times
AWS56
4 years, 6 months ago
This is incorrect, Sync can be done only using Sync rule editor
upvoted 1 times
tita_tovenaar
4 years ago
no, Lucky1983 has a point and it can be done in the wizard or Sync service. But the question says “ only users who have a UPN suffix of contoso.com in the contoso.local domain”, meaning you need to sync a part of a domain. And then the answer is No, meaning in this case Lucky1983’s solution doesn’t work.
upvoted 1 times
...
...
...
NAWEN
4 years, 8 months ago
Answer A, correct. In Azure AD Connect sync, you can enable filtering at any time. If you start with a default configuration of directory synchronization and then configure filtering, the objects that are filtered out are no longer synchronized to Azure AD. Because of this change, any objects in Azure AD that were previously synchronized but were then filtered are deleted in Azure AD. https://docs.microsoft.com/en-us/azure/active-directory/hybrid/how-to-connect-sync-configure-filtering#configure-attribute-based-filtering
upvoted 3 times
...
ihustle
4 years, 8 months ago
Answer is A https://docs.microsoft.com/en-us/azure/active-directory/hybrid/how-to-connect-sync-configure-filtering#configure-attribute-based-filtering
upvoted 2 times
...
fudu101
4 years, 8 months ago
https://docs.microsoft.com/en-us/azure/active-directory/hybrid/how-to-connect-sync-configure-filtering#configure-attribute-based-filtering
upvoted 3 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel