AZ-303 Exam QuestionsBrowse all questions from this exam
Go to Exam

AZ-303 Exam - Question 25

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.

After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

You manage an Active Directory domain named contoso.local.

You install Azure AD Connect and connect to an Azure Active Directory (Azure AD) tenant named contoso.com without syncing any accounts.

You need to ensure that only users who have a UPN suffix of contoso.com in the contoso.local domain sync to Azure AD.

Solution: You use Azure AD Connect to customize the synchronization options.

Does this meet the goal?

Show Answer
Correct Answer: B

To ensure that only users with a UPN suffix of contoso.com in the contoso.local domain are synced to Azure AD, using the Synchronization Rules Editor is the correct approach. Azure AD Connect customization alone does not allow for such specific attribute-based filtering. The Synchronization Rules Editor enables the creation and management of rules that filter users based on their UPN suffix, ensuring that only the desired users are synchronized to Azure AD.

Discussion

23 comments
Sign in to comment
kcinofni
Nov 16, 2020

Correct B: https://docs.microsoft.com/en-us/azure/active-directory/hybrid/how-to-connect-sync-configure-filtering#outbound-filtering

IvanDan
Dec 5, 2020

Agree “ In this example, you change the filtering so that only users that have both their mail and userPrincipalName ending in @contoso.com are synchronized: Sign in to the server that is running Azure AD Connect sync by using an account that is a member of the ADSyncAdmins security group. Start Synchronization Rules Editor from the Start menu.” So the B is correct

IvanDan
Dec 5, 2020

The information quoted is from the link pasted by @kcinofni

buanilk
Nov 14, 2020

In AD connect one can only select the OU to be sync and for the UPN selection one has to do in sync editor.

tita_tovenaar
Jul 14, 2021

that’s maybe the tricky part … they call it UPN but it’s actually just a difference in OUs and so AD connect should be sufficient.

andyR
Nov 4, 2020

Answer A

arunpaul
Feb 21, 2021

Both Az AD Connect and Syc Rules editor do the job....please check

JasonYin
Nov 10, 2020

Answer should be A/Yes https://docs.microsoft.com/en-us/azure/active-directory/hybrid/how-to-connect-sync-configure-filtering#configure-attribute-based-filtering To set the domain filter, do the following steps: Start the Azure AD Connect wizard Click Configure. Select Customize Synchronization Options and click Next. Enter your Azure AD credentials On the Connected Directories screen click Next. On the Domain and OU filtering page click Refresh. New domains will now appear and deleted domains will disappear.

ihustle
Nov 11, 2020

Answer is A https://docs.microsoft.com/en-us/azure/active-directory/hybrid/how-to-connect-sync-configure-filtering#configure-attribute-based-filtering

mtk93
Dec 20, 2020

B - the given answer are correct. you need the rule editor. Watch next question.

AWS56
Jan 10, 2021

Agree, I will go with B

Sumbasa
Jan 12, 2021

Answer B - I understand when someone chose A, but in this case we already installed AD Connect, so if I would be the admin I would choose the Synch. Rules Editor instead of going through the wizard again.

satbim
Jan 2, 2021

Based on the reading, it can be achieved using AD connect or synchronisation rule editor but with AD connect, u need to run the installation wizard again. I would prefer to go with B keeping this in mind.

BigR
Feb 23, 2021

yes but it still meet the goal with using AD Connect. I go for A

pgx7
Apr 24, 2021

Correct is B : you need to use Synchronization Rules Editor - Some guys says that A is correct because you could configure Domain-based filtering using Sync service configuration : while that is true, this is not what is asked in this question - It is not asked to filter a Domain (Child domains for exemple in a forest) but to filter from a Specfic UPN in a domain - And the only supported way to do that is to configure synchonization Rules (add new ones, don't modify default ones)

Ace786
Nov 5, 2020

sorry upvoted by mistake, you need the sync rules editor

sejalo
Dec 14, 2020

Answer should be B If you refer Positive filtering: "only sync these" under this url, it is stated clearly that Sync Rule edition is required. https://docs.microsoft.com/en-us/azure/active-directory/hybrid/how-to-connect-sync-configure-filtering#configure-attribute-based-filtering

Krsto
Feb 15, 2021

By default, all domains and organizational units (OUs) are synchronized. If you don't want to synchronize some domains or OUs to Azure AD, you can clear the appropriate selections. https://docs.microsoft.com/en-us/azure/active-directory/hybrid/how-to-connect-install-custom#domain-and-ou-filtering So the answer is A

Mucker973
May 28, 2021

very misleading question, is this on an exam anywhere exactly worded the same? In my mind the "Azure AD connect" in the context of this question is the same thing as the "rules editor". I knew it was there were you do it, I just thought the question when that GUI when they said "azure AD connect"

pentium75
Jul 7, 2021

I think "Azure AD Connect" is the whole sync tool. But this kind of filter can NOT be done in the sync OPTIONS (where you specify how often to run etc.) but in the RULES editor. Though both, options AND rules, are maintained with the same tool called Azure AD Connect.

NAWEN
Nov 17, 2020

Answer A, https://docs.microsoft.com/en-us/azure/active-directory/hybrid/how-to-connect-sync-configure-filtering#configure-attribute-based-filtering The preferred way to change domain-based filtering is by running the installation wizard and changing domain and OU filtering. The installation wizard automates all the tasks

moumugdha
Dec 26, 2020

According to me it will be A.

Mucker973
May 28, 2021

very misleading question, is this on an exam anywhere exactly worded the same? In my mind the "Azure AD connect" in the context of this question is the same thing as the "rules editor". I knew it was there were you do it, I just thought the question when that GUI when they said "azure AD connect"

MinhajR
Aug 27, 2021

On Exam 27/08/2021

asdyxc
Dec 8, 2020

Found another compelling argument for answer A: https://docs.microsoft.com/en-us/azure/active-directory/hybrid/reference-connect-sync-attributes-synchronized

Amit3
Jun 11, 2021

On Exam 11-Jun-21, Answer is B.

tita_tovenaar
Jul 14, 2021

sorry, correct A: “ There are two ways to select the domains to be synchronized: - Using the Synchronization Service - Using the Azure AD Connect wizard.” https://docs.microsoft.com/en-us/azure/active-directory/hybrid/how-to-connect-sync-configure-filtering#outbound-filtering

syu31svc
Aug 28, 2021

I will go for A In Azure AD Connect sync, you can enable filtering at any time. By using filtering, you can control which objects appear in Azure Active Directory (Azure AD) from your on-premises directory. https://docs.microsoft.com/en-us/azure/active-directory/hybrid/whatis-azure-ad-connect https://docs.microsoft.com/en-us/azure/active-directory/hybrid/how-to-connect-sync-configure-filtering#attribute-based-filtering

syu31svc
Aug 28, 2021

Sorry disregard my previous post Answer is B

plmmsg
Sep 8, 2021

No. use Synchronization Rules Editor

KemalMOption: B
Feb 20, 2022

use Synchronization Rules Editor