ExamTopics Logo
Mail Us[email protected]
Menu
Microsoft Discussions
exam questions

Exam AZ-303 All Questions

View all questions & answers for the AZ-303 exam
Go to Exam

Exam AZ-303 topic 2 question 20 discussion

Actual exam question from Microsoft's AZ-303
Question #: 20
Topic #: 2
[All AZ-303 Questions]

You have the following Azure Active Directory (Azure AD) tenants:
✑ Contoso.onmicrosoft.com: Linked to a Microsoft 365 tenant and syncs to an Active Directory forest named contoso.com by using password hash synchronization
✑ Contosoazure.onmicrosoft.com: Linked to an Azure subscription named Subscription1
You need to ensure that you can assign the users in contoso.com access to the resources in Subscription1.
What should you do?

  • A. Associate Subscription1 to contoso.onmicrosoft.com. Reassign all the roles in Subscription1.
  • B. Configure the existing Azure AD Connect server to sync contoso.com to contosoazure.onmicrosoft.com.
  • C. Configure contoso.onmicrosoft.com to use pass-through authentication.
  • D. Configure contosoazure.onmicrosoft.com to use pass-through authentication.
Show Suggested Answer Hide Answer
Suggested Answer: A 🗳️
Reference:
https://docs.microsoft.com/en-us/azure/active-directory/hybrid/plan-connect-topologies#multiple-forests-multiple-sync-servers-to-one-azure-ad-tenant
by Ario at June 3, 2021, 7:09 p.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
betamode
Highly Voted 4 years ago
Please ignore previous comment regarding option B explanation however, option A is still the correct option. Option B can't be used because of 2 reasons: 1) There's a 1:1 relationship between an Azure AD Connect sync server and an Azure AD tenant. For each Azure AD tenant, you need one Azure AD Connect sync server installation. Option B says - Configure the existing Azure AD Connect server to sync contoso.com to contosoazure.onmicrosoft.com. We can't use existing Azure AD connect server. 2) Synching the same user to multiple Azure AD tenants isn't supported. Option B says - Configure the existing Azure AD Connect server to sync contoso.com to contosoazure.onmicrosoft.com. We can't use existing Azure AD connect server. contoso.com users are already synchronized with Contoso.onmicrosoft.com. As mentioned above, synching the same user (Contoso.com users in this case) to another Azure AD tenant (Contoso.onmicrosoft.com) is not possible.
upvoted 15 times
...
syu31svc
Highly Voted 3 years, 10 months ago
A is the answer https://docs.microsoft.com/en-us/azure/active-directory/hybrid/how-to-connect-pta C and D are wrong since Azure Active Directory (Azure AD) Pass-through Authentication allows your users to sign in to both on-premises and cloud-based applications using the same passwords https://docs.microsoft.com/en-us/azure/active-directory/hybrid/plan-connect-topologies#multiple-forests-multiple-sync-servers-to-one-azure-ad-tenant B is wrong since more than one Azure AD Connect sync server connected to a single Azure AD tenant is not supported
upvoted 5 times
gizda2
3 years, 9 months ago
C and D are purely wrong BECAUSE they don't provide any solution for the exact question.
upvoted 1 times
...
J4U
3 years, 10 months ago
Correct. Moving subscription between tenants requires to reconfigure all roles. https://docs.microsoft.com/en-us/azure/role-based-access-control/transfer-subscription
upvoted 1 times
...
...
rxlicon
Most Recent 1 year, 9 months ago
For each Azure AD tenant, you need only one Azure AD Connect sync server installation from the same AD Synching the same user to multiple Azure AD tenants isn't supported.
upvoted 1 times
...
edmacoar123
3 years, 7 months ago
On exam today 19/11/21. Correct answer. Score 860.
upvoted 3 times
...
MinhajR
3 years, 10 months ago
On Exam 27/08/2021
upvoted 2 times
...
AAPaul
3 years, 11 months ago
I had this question in the exam that i took on July 14th 2021
upvoted 3 times
...
betamode
4 years ago
Given answer (Option A) is correct. Option B can't be chosen because having more than one Azure AD Connect sync server connected to a single Azure AD tenant is not supported. This is mentioned in MS doc as well here - https://docs.microsoft.com/en-us/azure/active-directory/hybrid/plan-connect-topologies#multiple-forests-multiple-sync-servers-to-one-azure-ad-tenant option C & D are not going to solve the purpose as they are used mainly for SSO.
upvoted 4 times
...
Ario
4 years ago
B is correct answer
upvoted 1 times
Gopinath601
4 years ago
I think answer is A. If we connect the existing Azure AD Connect server to sync contoso.com to contosoazure.onmicrosoft.com user will loose the access of O365 as it is not possible Synching the same user to multiple Azure AD tenants.
upvoted 3 times
...
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel