Here you have the best Microsoft AZ-800 practice exam questions
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
Your network contains an Active Directory Domain Services (AD DS) domain named contoso.com.
You need to identify which server is the PDC emulator for the domain.
Solution: From Active Directory Domains and Trusts, you right-click Active Directory Domains and Trusts in the console tree, and then select Operations
Master.
Does this meet the goal?
To identify the server that is the PDC emulator for the domain, you should use the Active Directory Users and Computers console, not the Active Directory Domains and Trusts console. From Active Directory Users and Computers, you right-click the domain, select Operations Masters, and then select the PDC tab to view the server holding the PDC emulator role. Therefore, the proposed method does not meet the goal.
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
Your network contains an Active Directory Domain Services (AD DS) domain named contoso.com.
You need to identify which server is the PDC emulator for the domain.
Solution: From a command prompt, you run netdom.exe query fsmo.
Does this meet the goal?
To identify which server is the PDC emulator for the domain, you can use the command 'netdom query fsmo' in a command prompt. This command lists the Flexible Single Master Operations (FSMO) roles, including which server holds the PDC emulator role. Running 'netdom.exe query fsmo' will also work, as 'netdom.exe' specifies the executable file directly.
You have an on premises Active Directory Domain Services (AD DS) domain that syncs with an Azure Active Directory (Azure AD) tenant.
You plan to implement self-service password reset (SSPR) in Azure AD.
You need to ensure that users that reset their passwords by using SSPR can use the new password resources in the AD DS domain.
What should you do?
To ensure that users who reset their passwords using self-service password reset (SSPR) in Azure Active Directory (Azure AD) can use the new passwords with resources in the on-premises Active Directory Domain Services (AD DS) domain, you need to enable password writeback. This process synchronizes the new passwords back to the on-premises AD DS in real time. To achieve this, you should run the Microsoft Azure Active Directory Connect wizard and select the Password writeback option. This configuration allows the updated passwords from Azure AD to be written back to the on-premises AD DS environment, ensuring password consistency across both directories.
You have an Azure Active Directory Domain Services (Azure AD DS) domain named contoso.com.
You need to provide an administrator with the ability to manage Group Policy Objects (GPOs). The solution must use the principle of least privilege.
To which group should you add the administrator?
To manage Group Policy Objects (GPOs) in an Azure Active Directory Domain Services (Azure AD DS) environment, the administrator should be added to the 'AAD DC Administrators' group. This group is designed specifically for managing Azure AD DS and includes the necessary permissions for Group Policy administration, including creating custom GPOs and organizational units (OUs). This adheres to the principle of least privilege by granting only the permissions necessary for GPO management without providing excessive privileges.
DRAG DROP -
You create a new Azure subscription.
You plan to deploy Azure Active Directory Domain Services (Azure AD DS) and Azure virtual machines.
You need to ensure that the virtual machines can join to Azure AD DS.
Which three actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.
Select and Place:
Reference:
https://docs.microsoft.com/en-us/azure/active-directory-domain-services/tutorial-create-instance