Welcome to ExamTopics
ExamTopics Logo
- Expert Verified, Online, Free.
Mail Us [email protected]
Menu

Unlimited Access

Get Unlimited Contributor Access to the all ExamTopics Exams!
Take advantage of PDF Files for 1000+ Exams along with community discussions and pass IT Certification Exams Easily.
Microsoft Discussions

Exam AZ-104 topic 2 question 58 discussion

Actual exam question from Microsoft's AZ-104
Question #: 58
Topic #: 2
[All AZ-104 Questions]

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have an Azure subscription that contains the following users in an Azure Active Directory tenant named contoso.onmicrosoft.com:

User1 creates a new Azure Active Directory tenant named external.contoso.onmicrosoft.com.
You need to create new user accounts in external.contoso.onmicrosoft.com.
Solution: You instruct User2 to create the user accounts.
Does that meet the goal?

  • A. Yes
  • B. No
Show Suggested Answer Hide Answer
Suggested Answer: A 🗳️
Only a global administrator can add users to this tenant.
Reference:
https://docs.microsoft.com/en-us/azure/devops/organizations/accounts/add-users-to-azure-ad
by wksjiajhuioahkenka at Dec. 9, 2020, 4:46 p.m.

Comments

Chosen Answer:
This is a voting comment (?) , you can switch to a simple comment.
Switch to a voting comment New
Submit Cancel
aaa112
Highly Voted 3 years, 4 months ago
Correct, but the explanation is not. User1 is global admin of contoso.onmicrosoft.com. As he created the new tenant called external.contoso.onmicrosoft.com, he will be the OWNER. Check the scope not just the role, tho.
upvoted 86 times
mikl
3 years, 2 months ago
Thank you for clarifying
upvoted 2 times
...
r3tr0penguin
2 years, 10 months ago
Then if User2 want to create new user on external.contoso.onmicrosoft.com , he can't right ? because User2 is not the one who create tenant external.contoso.onmicrosoft.com that mean User 2 don't be OWNER
upvoted 24 times
RamanAgarwal
2 years, 10 months ago
Yes because user2 wont have any role or connection with the new tenant unless added by user1 specifically.
upvoted 23 times
AzureG0d
1 year, 5 months ago
be mindful of the power of a global administrator. " Because only another global admin can reset a global admin's password, we recommend that you have at least 2 global admins in your organization in case of account lockout. But the global admin has almost unlimited access to your org's settings and most of the data, so we also recommend that you don't have more than 4 global admins because that's a security threat. " https://learn.microsoft.com/en-us/microsoft-365/admin/add-users/about-admin-roles?view=o365-worldwide
upvoted 4 times
AzureG0d
1 year, 5 months ago
I stand corrected. Only user1 can see and will have access to those. Administrative independence If a non-administrative user of organization 'Contoso' creates a test organization 'Test,' then: By default, the user who creates a organization is added as an external user in that new organization, and assigned the global administrator role in that organization. The administrators of organization 'Contoso' have no direct administrative privileges to organization 'Test,' unless an administrator of 'Test' specifically grants them these privileges. However, administrators of 'Contoso' can control access to organization 'Test' if they sign in to the user account that created 'Test.' If you add or remove an Azure AD role for a user in one organization, the change does not affect the roles that the user is assigned in any other Azure AD organization. https://learn.microsoft.com/en-us/azure/active-directory/enterprise-users/licensing-directory-independence#administrative-independence
upvoted 13 times
...
...
...
...
...
mlantonis
Highly Voted 2 years, 11 months ago
Correct Answer: A - Yes Only User1 has access to the new Tenant, because User1 created the Tenant and became automatically Global Admin.
upvoted 77 times
Spam101198
1 year, 1 month ago
Question is asking about User 2 not user 1 , hence answer is NO
upvoted 10 times
...
EricMaes
2 years, 7 months ago
Didn't he become owner?
upvoted 3 times
A_GEE
1 year, 10 months ago
Yes. User1 becomes the owner and the first user in that Tenant
upvoted 3 times
...
...
FlaShhh
4 months, 2 weeks ago
The Azure God mlantonis is wrong for once, is the world ending?
upvoted 6 times
...
CommanderBigMac
1 year, 2 months ago
Putting this here, hope it helps someone. Question was reworded at some point, changing the answer to B: No. https://learn.microsoft.com/en-us/answers/questions/1163804/need-clear-understanding-on-the-permissions-global
upvoted 48 times
Zomato
9 months, 2 weeks ago
Yeah. Clears everything.
upvoted 2 times
...
...
Load full discussion...
...
tashakori
Most Recent 1 month ago
No is right
upvoted 2 times
...
gil906
1 month, 2 weeks ago
Selected Answer: A
Answer is Yes, User2, as a Global Administrator in the Azure Active Directory, has the necessary permissions to create new user accounts in any associated directory, including external.contoso.onmicrosoft.com. https://learn.microsoft.com/en-us/azure/role-based-access-control/rbac-and-directory-admin-roles#microsoft-entra-roles
upvoted 1 times
...
MatAlves
1 month, 3 weeks ago
Based on the answers, it seems like the question has changed. User1 created the Tenant and, therefore, is the sole owner. User2 has no role and, therefore, can't create user accounts.
upvoted 1 times
...
JananiToo
2 months ago
User Admin in active directory right? He can create users in another tenant also like global admin right?
upvoted 1 times
...
Amir1909
2 months, 1 week ago
No is correct
upvoted 1 times
...
Amir1909
2 months, 1 week ago
No is correct
upvoted 1 times
...
Amir1909
2 months, 1 week ago
Yes is correct
upvoted 1 times
...
mcclane654
2 months, 3 weeks ago
Selected Answer: B
tried creating a new tenant on my normal user. I can't even find it using the global admin. https://learn.microsoft.com/en-us/entra/fundamentals/create-new-tenant#your-user-account-in-the-new-tenant
upvoted 2 times
...
Novia
3 months, 4 weeks ago
Selected Answer: B
User2 is only the previlege admin of the contoso.onmicrosoft.com instead of the new tenant.
upvoted 1 times
...
Bipinlam
5 months, 2 weeks ago
Answer is NO
upvoted 1 times
...
mattpaul
5 months, 3 weeks ago
I passed with these questions and many friends passed too, all questions appeared in the real exam a great study resource, contact me on [email protected]
upvoted 1 times
...
matrossoft
6 months, 3 weeks ago
The correct answer is B. It's been checked on the own account and also take a look: https://techcommunity.microsoft.com/t5/azure-governance-and-management/can-global-administrator-of-a-azure-ad-tenant-access-other/m-p/3758143
upvoted 2 times
...
Nicknamefordiscussions69
7 months ago
Selected Answer: B
Answer is no
upvoted 2 times
...
helenhwy
7 months, 2 weeks ago
If your user account has the User Administrator or Global Administrator role, you can create a new user in Azure AD by using the Azure portal, the Azure CLI, or PowerShell. In PowerShell, run the cmdlet New-AzureADUser. In the Azure CLI, use az ad user create. https://learn.microsoft.com/en-us/training/modules/create-users-and-groups-in-azure-active-directory/2-user-accounts-azure-ad so YES
upvoted 2 times
...
o0o0
8 months ago
Just tested it my lab and user2 won't even be able to view the tenant created by User1.
upvoted 3 times
...
Load full discussion...

Get IT Certification

Unlock free, top-quality video courses on ExamTopics with a simple registration. Elevate your learning journey with our expertly curated content. Register now to access a diverse range of educational resources designed for your success. Start learning today with ExamTopics!

Start Learning for free
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel