ExamTopics Logo
Mail Us[email protected]
Menu
Microsoft Discussions
exam questions

Exam AZ-300 All Questions

View all questions & answers for the AZ-300 exam
Go to Exam

Exam AZ-300 topic 4 question 5 discussion

Actual exam question from Microsoft's AZ-300
Question #: 5
Topic #: 4
[All AZ-300 Questions]

HOTSPOT -
You network contains an Active Directory domain named adatum.com and an Azure Active Directory (Azure AD) tenant named adatum.onmicrosoft.com.
Adatum.com contains the user accounts in the following table.

Adatum.onmicrosoft.com contains the user accounts in the following table.

You need to implement Azure AD Connect. The solution must follow the principle of least privilege.
Which user accounts should you use? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Hot Area:

Show Suggested Answer Hide Answer
Suggested Answer:
Box 1: User5 -
In Express settings, the installation wizard asks for the following:
AD DS Enterprise Administrator credentials
Azure AD Global Administrator credentials
The AD DS Enterprise Admin account is used to configure your on-premises Active Directory. These credentials are only used during the installation and are not used after the installation has completed. The Enterprise Admin, not the Domain Admin should make sure the permissions in Active Directory can be set in all domains.

Box 2: UserA -
Azure AD Global Admin credentials are only used during the installation and are not used after the installation has completed. It is used to create the Azure AD
Connector account used for synchronizing changes to Azure AD. The account also enables sync as a feature in Azure AD.
References:
https://docs.microsoft.com/en-us/azure/active-directory/connect/active-directory-aadconnect-accounts-permissions
by dumpmaster at Nov. 21, 2019, 2:01 p.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
dumpmaster
Highly Voted 5 years, 6 months ago
Agree: https://docs.microsoft.com/en-us/azure/active-directory/hybrid/how-to-connect-install-prerequisites#before-you-install-azure-ad-connect
upvoted 13 times
...
DamianDeLaVinya84
Highly Voted 5 years, 1 month ago
In addition to these three accounts used to run Azure AD Connect, you will also need the following additional accounts to install Azure AD Connect. These are: --Local Administrator account: The administrator who is installing Azure AD Connect and who has local Administrator permissions on the machine. --AD DS Enterprise Administrator account: Optionally used to create the “AD DS Connector account” above. --Azure AD Global Administrator account: used to create the Azure AD Connector account and configure Azure AD. Answer is correct. https://docs.microsoft.com/en-us/azure/active-directory/hybrid/reference-connect-accounts-permissions
upvoted 5 times
...
gboyega
Most Recent 4 years, 11 months ago
USER 5 USER A
upvoted 5 times
...
Prash85
5 years ago
given answer is correct
upvoted 3 times
...
Musk
5 years, 6 months ago
Documentation says "If you use Express settings" but if you want to follow the least privileges principle you may need to follow the advanced setup path which allows you to use a different level.
upvoted 4 times
A365
4 years, 10 months ago
It is mentioned "least privilege" which indicates using custom settings for the setup. According to this documentation, no Enterprise Admin privileges are needed when custom settings approach is used: https://docs.microsoft.com/en-us/azure/active-directory/hybrid/reference-connect-accounts-permissions#custom-installation-settings Glocal Admin and Domain Admin for ADFS should be sufficient.
upvoted 2 times
...
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel