ExamTopics Logo
Mail Us[email protected]
Menu
Microsoft Discussions
exam questions

Exam AZ-720 All Questions

View all questions & answers for the AZ-720 exam
Go to Exam

Exam AZ-720 topic 4 question 36 discussion

Actual exam question from Microsoft's AZ-720
Question #: 5
Topic #: 4
[All AZ-720 Questions]

A company has an Azure Active Directory (Azure AD) tenant. The company provisions an Azure Active Directory Domain Services (Azure AD DS) instance.
Users report that they are unable to sign into Azure AD DS after being provisioned from Azure AD. You verify the user accounts exist in Azure AD DS.
You need to resolve the issue.
What should you do?

  • A. Delete the Azure application named AzureActiveDirectoryDomainControllerServices and then enable Azure AD DS again.
  • B. Instruct the users to change their password in Azure AD.
  • C. Delete the Azure application named Azure AD Domain Services Sync and then enable Azure AD DS again.
  • D. Deploy Azure AD Connect.
Show Suggested Answer Hide Answer
Suggested Answer: B 🗳️
by [deleted] at Jan. 25, 2023, 12:17 p.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
terawatt
1 year, 11 months ago
Selected Answer: B
B. Instruct the users to change their password in Azure AD. In Azure Active Directory Domain Services (Azure AD DS), password hashes in a format suitable for NT LAN Manager (NTLM) and Kerberos authentication aren't synchronized from Azure AD. These NTLM and Kerberos password hashes are instead created in Azure AD DS when the user changes their password in Azure AD. So, users who were created before Azure AD DS was enabled or those who haven't changed their passwords since Azure AD DS was enabled will not be able to sign in until they change their password. This generates the required password hash for Azure AD DS.
upvoted 1 times
...
cris_exam
2 years, 2 months ago
Selected Answer: B
Yup, based on the shared doc, password change should fix this. https://learn.microsoft.com/en-us/azure/active-directory-domain-services/tutorial-create-instance#enable-user-accounts-for-azure-ad-ds "For cloud-only user accounts, users must change their passwords before they can use Azure AD DS. This password change process causes the password hashes for Kerberos and NTLM authentication to be generated and stored in Azure AD. The account isn't synchronized from Azure AD to Azure AD DS until the password is changed. Either expire the passwords for all cloud users in the tenant who need to use Azure AD DS, which forces a password change on next sign-in, or instruct cloud users to manually change their passwords."
upvoted 1 times
...
MarshalLaw
2 years, 2 months ago
Selected Answer: B
Based on the link that ADrem has provided, I agree with B.
upvoted 1 times
...
[Removed]
2 years, 5 months ago
Answer should be B. More info on: https://learn.microsoft.com/en-us/azure/active-directory-domain-services/tutorial-create-instance#enable-user-accounts-for-azure-ad-ds
upvoted 2 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel