AZ-303 Exam QuestionsBrowse all questions from this exam
Go to Exam

AZ-303 Exam - Question 26

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.

After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

You manage an Active Directory domain named contoso.local.

You install Azure AD Connect and connect to an Azure Active Directory (Azure AD) tenant named contoso.com without syncing any accounts.

You need to ensure that only users who have a UPN suffix of contoso.com in the contoso.local domain sync to Azure AD.

Solution: You use Synchronization Rules Editor to create a synchronization rule.

Does this meet the goal?

Show Answer
Correct Answer: A

A

Filtering what objects are synced to Azure AD is a common request and there are many instances where filtering by OU just doesn't cut it. One option is to filter users by their UPN suffix so that only users with the public FQDN as their UPN suffix are synced to Azure AD (e.g., john.doe@acme.com would be synced while jane.doe@internal.acme.com would not).

Filtering can be configured using either the GUI or PowerShell.

Through GUI:

Using The Synchronization Rules Editor

1. Open the Synchronization Rules Editor on the server where Azure AD Connect is installed.

Exam AZ-303 Question 26

2. Click the Add new rule button on the View and manage your synchronization rules window.

3. Fill out the appropriate fields on the Description tab and click Next >.

4. On the Scoping filter tab, click Add group, then Add clause, add a userPrincipalName attribute filter, and click Next >.

Attribute: userPrincipalName -

Operator: ENDSWITH -

Value: Your internal UPN suffix prefixed with @ (e.g., @internal.acme.com). Users with this UPN suffix will NOT be synced with Office 365.

Exam AZ-303 Question 26

Reference:

https://www.sidekicktech.com/blog/field-notes/2019/upn-suffix-filtering-ad-connect/

Discussion

11 comments
Sign in to comment
Kraviecc
Jan 10, 2021

Correct

TSMRE
Jun 8, 2021

On exam 6/7/21, given answer correct

Amit3
Jun 11, 2021

On Exam 11-Jun-21, Answer is correct.

DGladiator
Jun 14, 2021

correct

MinhajR
Aug 27, 2021

On Exam 27/08/2021

syu31svc
Aug 28, 2021

You can use the synchronization rule editor to edit or create a new synchronization rule. You can create a rule based on UPN. https://docs.microsoft.com/en-us/azure/active-directory/hybrid/how-to-connect-create-custom-sync-rule Answer is Yes

ramingt
Jan 25, 2021

I think thats no - it should be the sync service manager

lwslaw
Mar 24, 2021

why it one is Y. but the previous is No?

Charl
Apr 5, 2021

In the previous question, the solution was to change the synchronization process where here the solution is to add a "filter rule" which is two different things.

rsaintt
Apr 17, 2021

Agree.

ExStudent
Aug 15, 2021

Admins of the website: Please review the link posted in the answer area. Below is the working link https://www.sidekicktech.com/blog/field-notes/upn-suffix-filtering-ad-connect/

KemalMOption: A
Feb 20, 2022

correct, use Synchronization Rules Editor