ExamTopics Logo
Mail Us[email protected]
Menu
Microsoft Discussions
exam questions

Exam AZ-303 All Questions

View all questions & answers for the AZ-303 exam
Go to Exam

Exam AZ-303 topic 5 question 96 discussion

Actual exam question from Microsoft's AZ-303
Question #: 96
Topic #: 5
[All AZ-303 Questions]

HOTSPOT -
A company runs multiple Windows virtual machines (VMs) in Azure.
The IT operations department wants to apply the same policies as they have for on-premises VMs to the VMs running in Azure, including domain administrator permissions and schema extensions.
You need to recommend a solution for the hybrid scenario that minimizes the amount of maintenance required.
What should you recommend? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Hot Area:

Show Suggested Answer Hide Answer
Suggested Answer:
Box 1: Join the VMs to a new domain controller VM in Azure
Azure provides two solutions for implementing directory and identity services in Azure:
✑ (Used in this scenario) Extend your existing on-premises Active Directory infrastructure to Azure, by deploying a VM in Azure that runs AD DS as a Domain
Controller. This architecture is more common when the on-premises network and the Azure virtual network (VNet) are connected by a VPN or ExpressRoute connection.
✑ Use Azure AD to create an Active Directory domain in the cloud and connect it to your on-premises Active Directory domain. Azure AD Connect integrates your on-premises directories with Azure AD.
Box 2: Set up VPN connectivity.
This architecture is more common when the on-premises network and the Azure virtual network (VNet) are connected by a VPN or ExpressRoute connection.
References:
https://docs.microsoft.com/en-us/azure/architecture/reference-architectures/identity/
by Jinder at Jan. 7, 2021, 3:59 a.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
Stevezzc
Highly Voted 4 years, 6 months ago
first box should be 1 as minimizing the amount of maintenance is required.
upvoted 24 times
heamgu
4 years, 3 months ago
https://docs.microsoft.com/en-us/azure/architecture/reference-architectures/identity/#:~:text=AD-,Extend%20your%20existing%20on,deployment%20to%20Azure,-The
upvoted 7 times
...
justfordevelopment
3 years, 5 months ago
from the link shared by @heamgu: ~~Extend your existing on-premises Active Directory infrastructure to Azure, by "deploying a VM in Azure that runs AD DS as a Domain Controller". This architecture is more common when the on-premises network and the Azure virtual network (VNet) are connected by a VPN or ExpressRoute connection~~ Hence the first answer should be choice 2 for 1st question, I believe.
upvoted 1 times
...
...
Tripp_F
Highly Voted 4 years ago
Given answer is incorrect. Correct answers are: 1. Join the VMs to the existing on-prem domain. 2. Set up VPN connectivity
upvoted 17 times
...
leo_az300
Most Recent 4 years ago
should be AD DS for 1st question, answer is correct. Using AD DS to create a new domain in Azure then join on-prem forest, you can apply group policy defined by on-premises Group Policy Objects to the domain in Azure.
upvoted 2 times
pentium75
4 years ago
No, does not support schema extensions
upvoted 4 times
...
...
Indigoproftrader
4 years, 1 month ago
To have "The IT operations department wants to apply the same policies as they have for on-premises VMs to the VMs running in Azure, including domain administrator permissions and schema extensions." in the question In order to do this : "Consider this option if you need to use AD DS features that are not currently implemented by Azure AD" and this: "You can apply group policy defined by on-premises Group Policy Objects to the domain in Azure." Thus do this: "You must deploy and manage your own AD DS servers and domain in the cloud." And this is option B
upvoted 1 times
pentium75
4 years ago
But option B says that you'd join your servers to a Domain CONTROLLER, which is not possible. You join computers to a domain, not to a domain controller. Actually you should deploy a Domain Controller in the cloud. But you'd still join computers to the domain, not to that new (or any other) domain controller.
upvoted 2 times
...
...
nfett
4 years, 1 month ago
another repeat.
upvoted 5 times
...
demonite
4 years, 3 months ago
Don't need another DC to manage, so just join the VMs to the existing domain once the VPN is connected
upvoted 6 times
heamgu
4 years, 3 months ago
https://docs.microsoft.com/en-us/azure/architecture/reference-architectures/identity/#:~:text=AD-,Extend%20your%20existing%20on,deployment%20to%20Azure,-The
upvoted 1 times
...
...
azayra
4 years, 4 months ago
AD DS in Azure joined to an on-premises forest Deploy AD Domain Services (AD DS) servers to Azure. Create a domain in Azure and join it to your on-premises AD forest. Consider this option if you need to use AD DS features that are not currently implemented by Azure AD. Benefits Provides access to the same identity information that is available on-premises. You can authenticate user, service, and computer accounts on-premises and in Azure. You don't need to manage a separate AD forest. The domain in Azure can belong to the on-premises forest. You can apply group policy defined by on-premises Group Policy Objects to the domain in Azure. Challenges You must deploy and manage your own AD DS servers and domain in the cloud. There may be some synchronization latency between the domain servers in the cloud and the servers running on-premises.
upvoted 3 times
...
Krsto
4 years, 5 months ago
ADDS does not provide you with domain admin privileges, neither you will be able to extend your schema. Therefore we can rule it out. As for domain controller VM in cloud, this also requires maintenance (patching, rebooting etc.) Personally, I will always choose to have DC in cloud as local domain site, however with this requirements in my opinions option A&A is correct
upvoted 5 times
...
ReadyToLearn
4 years, 6 months ago
can't be ADDS because you need same permissions as on-prem. ADDS you do not get domain admin rights. I would go with the first choice to join on prem domain to meet requirement of same policies as on-prem and minimize effort.
upvoted 4 times
...
Krishna23
4 years, 6 months ago
The Answer to the first box should be C (Create Azure AD Domain Services), as it requires less maintenance (as per the requirement).
upvoted 1 times
pentium75
4 years ago
No, it does not support the requirements
upvoted 1 times
...
...
G_Z
4 years, 6 months ago
Create Azure AD Domain Services is correct.
upvoted 3 times
pentium75
4 years ago
No, it does not support the requirements.
upvoted 1 times
...
...
xaccan
4 years, 6 months ago
you do not need to create a new domain, The answer are A & A
upvoted 2 times
s1fd01
4 years, 5 months ago
You are not creating a new domain, but a new "domain controller" implying it's adding a new DC and site to existing AD
upvoted 4 times
...
heamgu
4 years, 3 months ago
Here: https://docs.microsoft.com/en-us/azure/architecture/reference-architectures/identity/#:~:text=AD-,Extend%20your%20existing%20on,deployment%20to%20Azure,-The
upvoted 1 times
17Master
3 years, 5 months ago
Here: Extend your existing on-premises Active Directory infrastructure to Azure, by deploying a VM in Azure that runs AD DS as a Domain Controller. This architecture is more common when the on-premises network and the Azure virtual network (VNet) are connected by a VPN or ExpressRoute connection.
upvoted 1 times
17Master
3 years, 5 months ago
Join the VMs to a new domain controller VM in Azure (it says new domain controller, it doesn't mean a new domain. attention!!!) Set Up VPN connectivity. correcto
upvoted 1 times
...
...
...
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel