ExamTopics Logo
Mail Us[email protected]
Menu
Microsoft Discussions
exam questions

Exam MS-100 All Questions

View all questions & answers for the MS-100 exam
Go to Exam

Exam MS-100 topic 3 question 51 discussion

Actual exam question from Microsoft's MS-100
Question #: 51
Topic #: 3
[All MS-100 Questions]

Your network contains an Active Directory forest. The forest contains two domains named contoso.com and adatum.com.
Your company recently purchased a Microsoft 365 subscription.
You deploy a federated identity solution to the environment.
You use the following command to configure contoso.com for federation.
Convert-MsolDomaintoFederated `"DomainName contoso.com
In the Microsoft 365 tenant, an administrator adds and verifies the adatum.com domain name.
You need to configure the adatum.com Active Directory domain for federated authentication.
Which two actions should you perform before you run the Azure AD Connect wizard? Each correct answer presents part of the solution.
NOTE: Each correct selection is worth one point.

  • A. From Windows PowerShell, run the Convert-MsolDomaintoFederated ג€"DomainName contoso.com ג€"SupportMultipleDomain command.
  • B. From Windows PowerShell, run the New-MsolFederatedDomain ג€"SupportMultipleDomain -DomainName contoso.com command.
  • C. From Windows PowerShell, run the New-MsolFederatedDomain -DomainName adatum.com command.
  • D. From Windows PowerShell, run the Update-MSOLFederatedDomain ג€"DomainName contoso.com ג€"SupportMultipleDomain command.
  • E. From the federation server, remove the Microsoft Office 365 relying party trust.
Show Suggested Answer Hide Answer
Suggested Answer: DE 🗳️
by lucidgreen at April 16, 2021, 8:13 p.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
lucidgreen
Highly Voted 4 years, 2 months ago
Convert-MsolDomaintoFederated is for changing the configuration to federated. Update-MsolDomaintoFederated is for making changes. I'm going say D and E.
upvoted 26 times
michszym
3 years, 11 months ago
Agree, read this: https://github.com/MicrosoftDocs/azure-docs/blob/master/articles/active-directory/hybrid/how-to-connect-install-multiple-domains.md - section "How to update the trust between AD FS and Azure AD" - Remove " Relying Party Trusts" and next Update-MSOLFederatedDomain -DomainName <Federated Domain Name> -SupportMultipleDomain, NOT Convert-MsolDomaintoFederated
upvoted 3 times
...
...
ItsMagige
Highly Voted 4 years ago
D and E https://docs.microsoft.com/en-us/office365/troubleshoot/active-directory/update-federated-domain-office-365
upvoted 7 times
...
papaaj
Most Recent 2 years, 1 month ago
Option D is the correct answer
upvoted 1 times
...
Blagojche
2 years, 1 month ago
The correct actions to perform before running the Azure AD Connect wizard to configure the adatum.com Active Directory domain for federated authentication are: C. From Windows PowerShell, run the New-MsolFederatedDomain -DomainName adatum.com command. E. From the federation server, remove the Microsoft Office 365 relying party trust. Explanation: Option A is incorrect because it references the contoso.com domain, not the adatum.com domain that needs to be configured. Option B is incorrect because it creates a new federated domain for the contoso.com domain, not the adatum.com domain that needs to be configured. Option C is correct because it creates a new federated domain for the adatum.com domain, which is necessary for federated authentication. Option D is incorrect because it references the contoso.com domain, not the adatum.com domain that needs to be configured. Option E is correct because the Microsoft Office 365 relying party trust needs to be removed from the federation server before configuring the adatum.com domain for federated authentication. Therefore, the correct answers are C and E.
upvoted 1 times
...
trexar
3 years, 3 months ago
Selected Answer: AE
I recheck and is posible to use: 1.Update-MSOLFederatedDomain -DomainName <Federated Domain Name> -supportmultipledomain and 2.New-MSOLFederatedDomain -domainname <domain name> -supportmultipledomain or Convert-MSOLDomainToFederated -domainname <domain name> -supportmultipledomain https://docs.microsoft.com/en-US/troubleshoot/azure/active-directory/federation-service-identifier-specified
upvoted 2 times
RenegadeOrange
2 years, 10 months ago
D & E Explained exactly in this article. https://docs.microsoft.com/en-us/azure/active-directory/hybrid/how-to-connect-install-multiple-domains
upvoted 3 times
Paolo2022
2 years, 6 months ago
This link says it all - D&E, thanks RenegadeOrange! What you're looking for to answer the question is described in this section: https://learn.microsoft.com/en-us/azure/active-directory/hybrid/how-to-connect-install-multiple-domains#how-to-update-the-trust-between-ad-fs-and-azure-ad
upvoted 1 times
...
...
...
trexar
3 years, 3 months ago
Selected Answer: DE
To resolve the issue, you must use the -supportmultipledomain switch to add or convert every domain that's federated by the cloud service. This includes federated domains that already exist. Stee1 and 2: Download the agent and test the update command to check is ok Step 3: Update the federated trust on the AD FS server Update-MSOLFederatedDomain -DomainName <Federated Domain Name> -supportmultipledomain Step 4: Use the -supportmultipledomain switch to add or convert additional federated domains New-MSOLFederatedDomain -domainname <domain name> -supportmultipledomain
upvoted 3 times
...
RazielLycas
3 years, 3 months ago
Selected Answer: DE
similar question in Measureup.com , DE because the federated domain already exist you gonna update it, before run the wizard you have to remove the Office365 object from ADFS
upvoted 4 times
...
[Removed]
3 years, 4 months ago
Selected Answer: DE
similar question in Measureup.com , D& E were the answer
upvoted 2 times
...
joergsi
3 years, 4 months ago
Selected Answer: BD
For me 1. = D 2. = B
upvoted 1 times
joergsi
3 years, 4 months ago
OK, need to correct my vote: https://docs.microsoft.com/en-us/office365/troubleshoot/active-directory/update-federated-domain-office-365#:~:text=To%20do%20this%2C%20click%20Start,Office%20365%20Identity%20Platform%20entry. Log on to the AD FS server. To do this, click Start, point to All Programs, point to Administrative Tools, and then click AD FS (2.0) Management. In the left navigation pane, click AD FS (2.0), click Trust Relationships, and then click Relying Party Trusts. In the rightmost pane, delete the Microsoft Office 365 Identity Platform entry. In the Windows PowerShell window that you opened in step 1, re-create the deleted trust object. To do this, run the following command, and then press Enter: Update-MSOLFederatedDomain –DomainName: <Federated Domain Name> –supportmultipledomain So it would be, in the correct order: E then D!
upvoted 1 times
...
...
Glorence
3 years, 4 months ago
Selected Answer: DE
D and E for sure! Check out this link https://docs.microsoft.com/en-US/troubleshoot/azure/active-directory/federation-service-identifier-specified
upvoted 1 times
joergsi
3 years, 4 months ago
Thank you for the link. If you check the commands you will find: Steps: 1. Update-MSOLFederatedDomain -DomainName <Federated Domain Name> -supportmultipledomain 2. New-MSOLFederatedDomain -domainname <domain name> -supportmultipledomain For me 1. = D 2. = B
upvoted 1 times
...
...
kanag1
3 years, 5 months ago
Selected Answer: DE
According the link below, the right answers are : Step "E" first and then "D". 1. Remove the "Relying Party Trusts" 2. Update-MsolFederatedDomain -DomainName contoso.com -SupportMultipleDomain 3. New-MsolFederatedDomain –SupportMultipleDomain –DomainName <Newdomainname> https://docs.microsoft.com/en-us/azure/active-directory/hybrid/how-to-connect-install-multiple-domains
upvoted 3 times
...
fofo1960
3 years, 5 months ago
Selected Answer: DE
Agree with Lucidgreen
upvoted 3 times
...
FumerLaMoquette
3 years, 5 months ago
Selected Answer: CE
I'm with the minority on this. It has to be C and E, because in the text, it described that adatum.com was added after federation. I believe we need to then add a new msol federation for adatum.com.
upvoted 2 times
...
Aesam
3 years, 8 months ago
D & E for sure, below link gives exact steps for scenario in question. https://docs.microsoft.com/en-US/troubleshoot/azure/active-directory/federation-service-identifier-specified
upvoted 5 times
...
Linux09
3 years, 9 months ago
A+E is correct. "The Convert-MSOLDomainToFederated cmdlet converts the specified domain from standard authentication to single sign-on. This includes configuring the relying party trust settings between the Active Directory Federation Services 2.0 server and Microsoft Online. Single sign-on is also known as identity federation." https://docs.microsoft.com/en-us/powershell/module/msonline/convert-msoldomaintofederated?view=azureadps-1.0
upvoted 1 times
...
fko1978
3 years, 9 months ago
difference convert or update-msoldomaintofederated explained https://docs.microsoft.com/en-us/powershell/module/msonline/convert-msoldomaintofederated?view=azureadps-1.0
upvoted 1 times
...
lengySK
3 years, 9 months ago
I think D E
upvoted 1 times
...
Load full discussion...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel