Exam AZ-303 topic 5 question 9 discussion

Actual exam question from Microsoft's AZ-303
Question #: 9
Topic #: 5

You configure Azure AD Connect for Azure Active Directory Seamless Single Sign-On (Azure AD Seamless SSO) for an on-premises network.
Users report that when they attempt to access myapps.microsoft.com, they are prompted multiple times to sign in and are forced to use an account name that ends with onmicrosoft.com.
You discover that there is a UPN mismatch between Azure AD and the on-premises Active Directory.
You need to ensure that the users can use single sign-on (SSO) to access Azure resources.
What should you do first?

  • A. From on-premises network, deploy Active Directory Federation Services (AD FS).
  • B. From Azure AD, add and verify a custom domain name.
  • C. From on-premises network, request a new certificate that contains the Active Directory domain name.
  • D. From the server that runs Azure AD Connect, modify the filtering options.
Suggested Answer: B
Azure AD uses the UPN to sign users in. Which UPN a user can use depends on whether the domain in the UPN suffix has been verified in Azure AD: if it has, a user with that suffix is allowed to sign in to Azure AD.
To make this work, you need to add and verify a custom domain in Azure AD before you start syncing the users.
Reference:
https://docs.microsoft.com/en-us/azure/active-directory/hybrid/plan-connect-design-concepts#azure-ad-sign-in
https://docs.microsoft.com/en-us/azure/active-directory/hybrid/tshoot-connect-objectsync#detect-upn-mismatch-if-object-is-synced-to-azure-active-directory
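
The suffix rule in the explanation above, as an added example (not from the original page or from Microsoft's tooling): a PowerShell function that flags on-premises UPNs whose suffix is not among the tenant's verified domains and shows the UPN Azure AD would assign instead. The function name Get-UpnSyncPrediction and all sample values are constructed for illustration.

```powershell
# Added example. Rule modelled: a UPN suffix that is not a verified domain in
# the tenant is replaced with the tenant's default onmicrosoft.com domain.
function Get-UpnSyncPrediction {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)] [string[]] $OnPremUpn,      # UPNs from on-premises AD
        [Parameter(Mandatory)] [string[]] $VerifiedDomain, # verified domains in the tenant
        [Parameter(Mandatory)] [string]   $DefaultDomain   # e.g. contoso.onmicrosoft.com
    )

    # Domain names are case-insensitive, so compare them that way.
    $verified = [System.Collections.Generic.HashSet[string]]::new(
        [System.StringComparer]::OrdinalIgnoreCase)
    foreach ($d in $VerifiedDomain) { [void]$verified.Add($d.Trim()) }

    foreach ($upn in $OnPremUpn) {
        $at = $upn.LastIndexOf('@')
        if ($at -lt 1 -or $at -eq $upn.Length - 1) {
            # Not in prefix@suffix form: report it instead of guessing.
            [pscustomobject]@{ OnPremUpn = $upn; CloudUpn = $null; Status = 'InvalidUpn' }
            continue
        }
        $prefix = $upn.Substring(0, $at)
        $suffix = $upn.Substring($at + 1)
        if ($verified.Contains($suffix)) {
            # Verified suffix: the user keeps the on-premises UPN in the cloud.
            [pscustomobject]@{ OnPremUpn = $upn; CloudUpn = $upn; Status = 'Match' }
        } else {
            # Unverified suffix: the cloud UPN falls back to the default domain.
            $cloud = '{0}@{1}' -f $prefix, $DefaultDomain
            [pscustomobject]@{ OnPremUpn = $upn; CloudUpn = $cloud; Status = 'SuffixNotVerified' }
        }
    }
}

# Constructed sample input. In a live environment (assumption: ActiveDirectory
# and AzureAD modules installed) the lists would come from
#   Get-ADUser -Filter * | Select-Object -ExpandProperty UserPrincipalName
#   Get-AzureADDomain | Where-Object IsVerified | Select-Object -ExpandProperty Name
$users    = 'john@contoso.com', 'alice@contoso.local', 'bob@Contoso.com', 'svc-backup'
$verified = 'contoso.com', 'contoso.onmicrosoft.com'

Get-UpnSyncPrediction -OnPremUpn $users -VerifiedDomain $verified `
    -DefaultDomain 'contoso.onmicrosoft.com' |
    Where-Object Status -ne 'Match' |
    Format-Table -AutoSize
```

With the sample data, alice@contoso.local is reported as SuffixNotVerified with the cloud UPN alice@contoso.onmicrosoft.com, which is the sign-in name the users in the question are being forced to use.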

Comments

azurecert2021
Highly Voted 4 years, 4 months ago
correct UPN mismatch can be removed after adding domain of your on-prem to Azure AD, so option B is correct.
upvoted 19 times
Bemsi49
Highly Voted 4 years, 4 months ago
Given Answer is correct. B
upvoted 10 times
[Removed]
Most Recent 3 years, 3 months ago
Correct answer, once we add custom domain name
upvoted 1 times
JayBee65
3 years, 3 months ago
John is a user in contoso.com. You want John to use the on-premises UPN [email protected] to sign in to Azure after you have synced users to your Azure AD directory contoso.onmicrosoft.com. To do so, you need to add and verify contoso.com as a custom domain in Azure AD before you can start syncing the users. If the UPN suffix of John, for example contoso.com, does not match a verified domain in Azure AD, then Azure AD replaces the UPN suffix with contoso.onmicrosoft.com. From https://docs.microsoft.com/en-us/azure/active-directory/hybrid/plan-connect-design-concepts#azure-ad-sign-in
upvoted 3 times
lucky_777
3 years, 4 months ago
there's no real life answer: Use PowerShell command: Set-AzureADUser -ObjectId [email protected] -UserPrincipalName [email protected] to match AD UPN with AAD UPN
upvoted 1 times
syu31svc
3 years, 9 months ago
When UserPrincipalName (UPN)/Alternate Login ID suffix is not verified with the Azure AD Tenant, then Azure Active Directory replaces the UPN suffixes with the default domain name "onmicrosoft.com". https://docs.microsoft.com/bs-latn-ba/azure/active-directory/hybrid/tshoot-connect-objectsync#upn-suffix-is-not-verified-with-azure-ad-tenant https://docs.microsoft.com/en-us/azure/active-directory/users-groups-roles/domains-manage Answer is B
upvoted 6 times
TSMRE
3 years, 11 months ago
On exam 6/7/21
upvoted 5 times
QiangQiang
4 years ago
Custom domain state and UPN: It is important to ensure that there is a verified domain for the UPN suffix. John is a user in contoso.com. You want John to use the on-premises UPN [email protected] to sign in to Azure after you have synced users to your Azure AD directory contoso.onmicrosoft.com. To do so, you need to add and verify contoso.com as a custom domain in Azure AD before you can start syncing the users. If the UPN suffix of John, for example contoso.com, does not match a verified domain in Azure AD, then Azure AD replaces the UPN suffix with contoso.onmicrosoft.com.
upvoted 6 times