
AZ-303 Exam - Question 27


Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.

After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

You manage an Active Directory domain named contoso.local.

You install Azure AD Connect and connect to an Azure Active Directory (Azure AD) tenant named contoso.com without syncing any accounts.

You need to ensure that only users who have a UPN suffix of contoso.com in the contoso.local domain sync to Azure AD.

Solution: You use the Synchronization Service Manager to modify the Active Directory Domain Services (AD DS) Connector.

Does this meet the goal?

Correct Answer: B

To ensure that only users with a UPN suffix of contoso.com in the contoso.local domain sync to Azure AD, you need to use the Synchronization Rules Editor. This tool allows you to create and modify attribute-based rules that filter users based on specific criteria, such as their UPN suffix. The AD DS Connector in the Synchronization Service Manager is used to manage connections but does not provide the granular control needed for attribute-based filtering. Therefore, using the Synchronization Rules Editor is the correct method to achieve the desired outcome.

Discussion

14 comments
jamhaneef
Jan 24, 2021

People are upvoting even the wrong answers. This question is simple. It's B, not A. For attribute-based filtering: Rules editor. For domain filtering: Service manager. That's it.

heany
Mar 5, 2021

only clear and right answer here.

Joygant
Mar 11, 2021

This is a great answer. But cannot the said asked be achieved through Domain filtering? It looks like talking about UPN suffix which is most of the cases domain name only, right? Can you please help explaining this part?

buanilk
Nov 14, 2020

correct answer is NO. https://www.youtube.com/watch?v=I2PISfrM0Kk

jamhaneef
Jan 24, 2021

Already given answers are wrong and even people who comment are also wrong. Please, please study, do the lab, and then comment. One thing: don't upvote if you don't know whether the answer is correct.

heany
Jan 17, 2021

The answer is No. The key difference from the rule editor is that the list in sync service manager is based on existing domains in on-prem Active Directory (you have to refresh to get the updated list). Once new domains are added, the configuration cannot ensure the filtering. Only the rule editor can make sure all identities with the UPN suffix will be filtered.

moumugdha
Dec 26, 2020

B will be the correct one

fudu101
Nov 9, 2020

https://docs.microsoft.com/en-us/azure/active-directory/hybrid/how-to-connect-sync-configure-filtering#configure-attribute-based-filtering

NAWEN
Nov 17, 2020

Answer A, correct. In Azure AD Connect sync, you can enable filtering at any time. If you start with a default configuration of directory synchronization and then configure filtering, the objects that are filtered out are no longer synchronized to Azure AD. Because of this change, any objects in Azure AD that were previously synchronized but were then filtered are deleted in Azure AD. https://docs.microsoft.com/en-us/azure/active-directory/hybrid/how-to-connect-sync-configure-filtering#configure-attribute-based-filtering

SubeeshBC
Jan 20, 2021

Many have quoted this URL: https://docs.microsoft.com/en-us/azure/active-directory/hybrid/how-to-connect-sync-configure-filtering#configure-attribute-based-filtering It clearly says in the "outbound filtering" part that you need to use "Synchronization Rule Editor" to achieve this specific result. Answer should be No.

ihustle
Nov 11, 2020

Answer is A https://docs.microsoft.com/en-us/azure/active-directory/hybrid/how-to-connect-sync-configure-filtering#configure-attribute-based-filtering

Lucky1983
Dec 10, 2020

Answer is A - Yes. There are two ways to select the domains to be synchronized:
- Using the Synchronization Service
- Using the Azure AD Connect wizard

AWS56
Jan 10, 2021

This is incorrect, Sync can be done only using Sync rule editor

tita_tovenaar
Jul 14, 2021

No, Lucky1983 has a point and it can be done in the wizard or Sync service. But the question says “only users who have a UPN suffix of contoso.com in the contoso.local domain”, meaning you need to sync a part of a domain. And then the answer is No, meaning in this case Lucky1983’s solution doesn’t work.

sejalo
Dec 14, 2020

If you refer to Positive filtering: "only sync these" under this URL, it is stated clearly that Sync Rule edition is required. https://docs.microsoft.com/en-us/azure/active-directory/hybrid/how-to-connect-sync-configure-filtering#configure-attribute-based-filtering

Ramkid
Jan 10, 2021

The explanation in the given answer talks about the filtering. But the question is about the DS connection modification. Looking into the below link, I think the correct answer is yes, means the synchronisation service manager can be used to modify the DS connectors. https://docs.microsoft.com/fr-fr/azure/active-directory/hybrid/how-to-connect-sync-service-manager-ui

syu31svc
Aug 28, 2021

Answer is No https://docs.microsoft.com/en-us/azure/active-directory/hybrid/how-to-connect-create-custom-sync-rule

KemalM (Option: B)
Feb 20, 2022

use Synchronization Rules Editor