
AZ-303 Exam - Question 51


Your network contains an on-premises Active Directory domain named contoso.com. The domain contains the users shown in the following table.

Exam AZ-303 Question 51

You plan to install Azure AD Connect and enable SSO.

You need to specify which user to use to enable SSO. The solution must use the principle of least privilege.

Which user should you specify?

Correct Answer: A

To enable Single Sign-On (SSO) using Azure AD Connect while adhering to the principle of least privilege, you should use a user who is a member of ADSyncAdmins. According to best practices, the user account required for enabling SSO needs administrative permissions related to directory synchronization but does not necessarily need to have full domain administrator privileges. Thus, User3, being a member of ADSyncAdmins, is the most appropriate choice, as this role is specifically tailored for managing directory synchronization tasks without granting excessive permissions.

Discussion

22 comments
jasu
Jan 2, 2021

It's correct. Set up domain administrator credentials: You need to have domain administrator credentials for each Active Directory forest that: You synchronize to Azure AD through Azure AD Connect. Contains users you want to enable for Seamless SSO.

qerem
May 9, 2021

A is correct. Link: https://docs.microsoft.com/en-us/azure/active-directory/hybrid/how-to-connect-sso-quick-start

qerem
May 9, 2021

I mean C*

P1mp
May 20, 2021

You are wrong, A is the correct answer: https://docs.microsoft.com/en-us/azure/active-directory/hybrid/how-to-connect-sso-quick-start Scroll down until you see or search for *Set up domain administrator credentials

certpro
May 23, 2021

According to the link provided by qerem, answer is C, "Domain Admins"

rdemontis
Jul 15, 2021

According to this document the answer is clearly C, domain admins

NigHtHunter2000
Nov 29, 2021

According to your link: "The domain administrator credentials are not stored in Azure AD Connect or in Azure AD. They're used only to enable the feature." (feature here means Enabling SSO) So it's domain admins

abhishek_arya02
Jun 17, 2021

But the question is not to install but to enable SSO, and for that domain user should be sufficient

jd94
Jun 12, 2021

6/12/2021. Passed the exam. Domain user

Deepak350
Nov 5, 2021

Answer should be domain user. As of build 1.4.18.0, you can't use an enterprise admin or domain admin account as the Azure AD DS connector account. When you select Use existing account, if you try to enter an enterprise admin account or a domain admin account, you see the following error: "Using an Enterprise or Domain administrator account for your AD forest account is not allowed. Let Azure AD Connect create the account for you or specify a synchronization account with the correct permissions."

JeeBee
Jan 2, 2022

Completely irrelevant, question is NOT about service account to use

janshal
Feb 17, 2021

Answer is A for sure: "By default, only the user who did the installation and local admins are able to manage the installed sync engine. For additional people to be able to access and manage the sync engine, locate the group named ADSyncAdmins on the local server and add them to this group." https://docs.microsoft.com/en-us/azure/active-directory/hybrid/how-to-connect-post-installation

[Removed]
Mar 8, 2021

But this is not about additional user. You are the 1st user. The other two links say you need to be domain admin. Set up domain administrator credentials: You need to have domain administrator credentials for each Active Directory forest that: From the how-to-connect-sso-quick-start link: You synchronize to Azure AD through Azure AD Connect. Contains users you want to enable for Seamless SSO.

QiangQiang
May 5, 2021

It should be B, domain user. The question asks "You need to specify which user to use to enable SSO", not the user installing AD Connect, which should be Enterprise Admin. As of build 1.4.18.0, you can't use an enterprise admin or domain admin account as the Azure AD DS connector account. When you select Use existing account, if you try to enter an enterprise admin account or a domain admin account, you see the following error: "Using an Enterprise or Domain administrator account for your AD forest account is not allowed. Let Azure AD Connect create the account for you or specify a synchronization account with the correct permissions."

pentium75
Jul 8, 2021

But the question is not about the user required for sync, but which user is required to 'enable SSO'. And THAT must be Domain Admin (or Enterprise Admin in a multi-domain forest).

azurecert2021
Jan 5, 2021

I think there is a typo; it should be Enterprise or Domain administrator account, for the reason below: As of build 1.4.18.0, you can't use an enterprise admin or domain admin account as the Azure AD DS connector account. When you select Use existing account, if you try to enter an enterprise admin account or a domain admin account, you see the following error: "Using an Enterprise or Domain administrator account for your AD forest account is not allowed. Let Azure AD Connect create the account for you or specify a synchronization account with the correct permissions." https://docs.microsoft.com/en-us/azure/active-directory/hybrid/how-to-connect-install-custom

sohailcharolia
Jan 17, 2021

If you have enabled SSO then it will ask for enterprise credential at the end of the installation page

Granwizzard
Jan 24, 2021

Answer is correct. https://docs.microsoft.com/en-us/azure/active-directory/hybrid/how-to-connect-sso-quick-start

AravindITGuy
Jun 21, 2021

Took exam today, passed this morning. Was on there 6/21/2021

AAPaul
Jul 15, 2021

I had this question in the exam that I took on July 14th, 2021

syu31svc
Aug 28, 2021

Answer is C. User1 is a domain admin. You need to have domain administrator credentials for each Active Directory forest that: · You synchronize to Azure AD through Azure AD Connect. · Contains users you want to enable for Seamless SSO. https://docs.microsoft.com/en-us/azure/active-directory/hybrid/how-to-connect-sso-quick-start

VT1100
Oct 15, 2021

The answer is "C"/User 1. If you follow the link, it states: Continue through the wizard until you get to the Enable single sign on page. Provide domain administrator credentials for each Active Directory forest that: You synchronize to Azure AD through Azure AD Connect. Contains users you want to enable for Seamless SSO. After completion of the wizard, Seamless SSO is enabled on your tenant.

Ramkid
Jan 10, 2021

The answer is correct

satbim
Jan 16, 2021

Correct https://lazyadmin.nl/it/setting-up-single-sign-on-sso-with-azure-ad-connect/

wardy1983
May 23, 2021

It's domain admin https://docs.microsoft.com/en-us/azure/active-directory/hybrid/how-to-connect-install-custom

nfett
Jun 9, 2021

C appears to be the correct answer per their provided URL.

DragonsGav
Jun 20, 2021

User1 is the correct answer. (Reference : https://docs.microsoft.com/en-us/azure/active-directory/hybrid/how-to-connect-install-custom#create-the-computer-account-in-active-directory)

WChandra
Jul 31, 2021

Provide domain administrator credentials for each Active Directory forest that: You synchronize to Azure AD through Azure AD Connect. Contains users you want to enable for Seamless SSO. The domain administrator credentials are not stored in Azure AD Connect or in Azure AD. They're used only to enable the feature.

quantumray
Dec 8, 2021

Question appeared on AZ-303 exam on 08/12/2021 - 49 questions, 4Q - Fabrikan case study

17Master
Dec 21, 2021

Which is the answer? Whenever AD Connect is installed I use to create an account automatically and I have never tried the option.

Nands23
Dec 29, 2021

This was on today's exam, 12/29/2021. There was a change in option. Last option was ENTERPRISE ADMINS. I selected Domain Admins and passed the exam with 8XX

Klotting
Jan 5, 2022

It’s so nice that given answer is correct

moon2351 (Option: C)
Feb 6, 2022

Answer is C

KemalM (Option: C)
Feb 21, 2022

Domain Admin for sure