Exam AZ-304 topic 5 question 8 discussion

Answer is C - AZure Domain Services - ADS is designed for this exactly. It support LDAP querys but don't use local AD, instead use Azure AD. And the question says that ADConnect exists and both AZure AD and local AD are sync. - https://docs.microsoft.com/es-es/azure/active-directory-domain-services/overview

Correct answer is C. Azure AD support LDAP query through ADDS. A new domain controller cannot sync with on premises AD because of the security policy.

For me both C & D seem to meet the security policy. With D, we can deploy a RODC in Azure VM. Both C & D passively receive the sync data from on-prem but not write back to it . However D seems to be a better solution. With C, App1 may have to be re-coded to query Azure AD LDAP schema

For me both C & D seem to meet the security policy. With D, we can deploy a RODC in Azure VM. Both C & D passively receive the sync data from on-prem but not write back to it . However D seems to be a better solution. With C, App1 may have to be re-coded to query Azure AD LDAP schema

I would go with answer C. We are talking about a Linux server, which needs a managed domain server to authenticate users through LDAP. Managed domain is a service which belongs to the AAD domain services. This is not a service that is installed on a dedicated vm as mentioned into answer D. https://docs.microsoft.com/en-us/azure/active-directory-domain-services/tutorial-create-instance Answer C is not enough : AAD will only works with Windows servers If we were talking about a Windows server

Appere on exam 23-dec-2021

C is the right answer

Answer is C

https://docs.microsoft.com/en-us/azure/active-directory-domain-services/overview Azure Active Directory Domain Services (Azure AD DS) provides managed domain services such as domain join, group policy, lightweight directory access protocol (LDAP), and Kerberos/NTLM authentication Answer is C

Answer is C - Azure Domain Services

correct answer C

Question doesn't make a lot of sense so it's down to process of elimination A. Azure AD Application Proxy - This is for on-premise apps that you want to be accessible over the internet. This can be ruled out since they want to move the app to Azure B. an Azure VPN gateway - This can be ruled out because the requirement is that Azure does not communicate with the on-premise network, a VPN would not meet the security requirements D. the Active Directory Domain Services role on a virtual machine - This won't help since you won't be able to join it to the existing domain since the security policy does not permit on-premise communication as above. C. Azure AD Domain Services (Azure AD DS) - This one could work since AAD DS will bring in the existing accounts from Azure AD which in turn are synchronised from on-premise AD over AD connect. However, you would probably need to reconfigure the app and update the LDAP connection.

on exam (7-19-2021) . passed 304

C is the only option due to the policy. A ADDS member on a VM must replicate with the onpremise controller, since that isnt allowed by policy the only option is to move to the managed version of adds.

Answer is C - Azure Active Directory (Azure AD) supports LDAP Authentication via Azure AD Domain Services (AD DS). https://docs.microsoft.com/en-us/azure/active-directory/fundamentals/auth-ldap

C is the correct answer. User accounts are synced from On-prem AD to Azure AD, then from Azure AD to Azure AD DS domain which support LDAP as well. By adding Linux machine to Azure AD DS domain, people from On-prem AD domain will be able to access Linux. https://docs.microsoft.com/en-us/azure/active-directory-domain-services/synchronization

None of the answers are correct or the answers are badly written. If you simply lift and shift your LINUX machine to AZ, you can join it to the AAD domain and then you would be able to perform the LDAP queries