ExamTopics Logo
Mail Us[email protected]
Menu
Microsoft Discussions
exam questions

Exam AZ-140 All Questions

View all questions & answers for the AZ-140 exam
Go to Exam

Exam AZ-140 topic 2 question 15 discussion

Actual exam question from Microsoft's AZ-140
Question #: 15
Topic #: 2
[All AZ-140 Questions]

You have an Azure Active Directory (Azure AD) tenant named contoso.com.
You use a user account named Admin1 to deploy an Azure Active Directory Domain Services (Azure AD DS) managed domain named aaddscontoso.com to a virtual network named VNET1.
You plan to deploy an Azure Virtual Desktop host pool named Pool1 to VNET1.
You need to ensure that you can use the Admin1 user account to deploy Windows 10 Enterprise session hosts to Pool1.
What should you do first?

  • A. Add Admin1 to the AAD DC Administrators group of contoso.com.
  • B. Assign the Cloud device administrator role to Admin1.
  • C. Assign a Microsoft 365 Enterprise E3 license to Admin1.
  • D. Change the password of Admin1.
Show Suggested Answer Hide Answer
Suggested Answer: A 🗳️
by Flacky_Penguin32 at Nov. 1, 2021, 2:11 a.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
Flacky_Penguin32
Highly Voted 3 years, 7 months ago
A is correct, you need an account that is an AADDS administrator to domain-joined the session hosts.
upvoted 11 times
...
NarenderSingh
Highly Voted 3 years, 6 months ago
Selected Answer: A
Looks OK to me
upvoted 5 times
...
jeff1988
Most Recent 7 months ago
Selected Answer: A
A. Add Admin1 to the AAD DC Administrators group of contoso.com. This will provide Admin1 with the required permissions to manage the Azure AD DS environment, including deploying session hosts
upvoted 1 times
...
CloudDummyDude
1 year, 4 months ago
At First you need to add Admin1 to AAD DC Administrators group. Then you need to reset password because Admin1 is cloud-only account. Both needed but A at first
upvoted 2 times
...
ESAJRR
1 year, 5 months ago
Selected Answer: A
A. Add Admin1 to the AAD DC Administrators group of contoso.com.
upvoted 2 times
...
AKov77777
1 year, 7 months ago
Selected Answer: A
LAB01_L01 Note: Before you can sign in to the newly Microsoft Entra DS joined computer, you need to add the user account you intend to sign in with to the AAD DC Administrators Microsoft Entra group. This Microsoft Entra group is created automatically in the Microsoft Entra tenant associated with the Azure subscription where you provisioned the Microsoft Entra DS instance.
upvoted 2 times
...
[Removed]
1 year, 9 months ago
Selected Answer: D
Because you used Admin1 to create the AaDDs domain it will automatically be added to the DC Administrators Group. Furthermore, answer A references the contoso.com Azure AD tenant not the aaddscontoso.com AADDS instance as stated in the question. So in order to ensure the domain join sequence does not fail you need to update the password of the Admin1 account to ensure it is useable in the AADDS instance. Correct answer is D
upvoted 4 times
[Removed]
1 year, 9 months ago
For cloud-only user accounts, users must change their passwords before they can use Azure AD DS. This password change process causes the password hashes for Kerberos and NTLM authentication to be generated and stored in Azure AD. The account isn't synchronized from Azure AD to Azure AD DS until the password is changed. Either expire the passwords for all cloud users in the tenant who need to use Azure AD DS, which forces a password change on next sign-in, or instruct cloud users to manually change their passwords. For this tutorial, let's manually change a user password. https://learn.microsoft.com/en-us/azure/active-directory-domain-services/tutorial-create-instance#enable-user-accounts-for-azure-ad-ds
upvoted 4 times
...
...
RajeeMark
1 year, 10 months ago
Since the question is about what you should do first, i would say B is the correct answer: The "Cloud device administrator" role in Azure AD grants the necessary permissions to manage Azure Virtual Desktop and deploy and manage session hosts in the host pool. The user sure also needs permissions to join the hosts to the domain, but you need the correct permissions in Azure first, or else you won't be able to deploy anything.
upvoted 3 times
...
BBERCE
1 year, 11 months ago
Selected Answer: A
A is correct
upvoted 2 times
...
jr_luciano
2 years ago
Selected Answer: D
"For cloud-only user accounts, users must change their passwords before they can use Azure AD DS. This password change process causes the password hashes for Kerberos and NTLM authentication to be generated and stored in Azure AD. The account isn't synchronized from Azure AD to Azure AD DS until the password is changed." https://learn.microsoft.com/en-us/azure/active-directory-domain-services/tutorial-create-instance#enable-user-accounts-for-azure-ad-ds
upvoted 3 times
...
HereToLearnNinjitsu
2 years, 5 months ago
Selected Answer: D
D, User from AAD in AADDS needs password change to be valid domain credential
upvoted 2 times
...
topo9216
2 years, 10 months ago
Selected Answer: D
In the official course appear a similar question and the answer id Change the Admin password and this is the reason: Explanation The answer is A, Change the password for the Administrator-East account. As seen in the topic Create a host pool by using the Azure portal, the Administrator account can't have multi-factored authentication (MFA) enabled. And, when joining to an Azure Active Directory Domain Services (Azure AD DS) domain, the account must be part of the Azure AD DC Administrators group and the account password must work in Azure AD DS.
upvoted 3 times
...
senseibrutal
2 years, 11 months ago
A is correct. Because of the Domain Join of the Session Hosts Admin1 needs to be in DC Administrator group.
upvoted 2 times
...
Eltooth
3 years, 2 months ago
Selected Answer: A
A is the correct answer (if Admin1 password has been sync'd from AAD to AAD DS)
upvoted 3 times
...
Marius6299
3 years, 3 months ago
Selected Answer: A
need an account that is an AADDS administrator
upvoted 3 times
...
Citrix12345
3 years, 4 months ago
Azure Active Directory Domain Services (Azure AD DS) = addscontoso.com Add Admin1 to the AAD DC Administrators group of contoso.com. Question says addscontoso.com and answer contoso.com. Does this mean the answer is D?
upvoted 2 times
...
hallsos
3 years, 5 months ago
Admin1 also needs to change password so its sycned into AAD DS, so it can be used. So this could be A and/or D
upvoted 2 times
Slimane
2 years, 7 months ago
Synced from what? AAD DS is a managed domain... would go with A as you need the rights to domain join the VMs.
upvoted 1 times
...
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel