AZ-103 Exam QuestionsBrowse all questions from this exam
Go to Exam

AZ-103 Exam - Question 150

HOTSPOT -

Your network contains an Active Directory domain named adatum.com and an Azure Active Directory (Azure AD) tenant named adatum.onmicorosft.com.

Adatum.com contains the user accounts in the following table.

Exam AZ-103 Question 150

Adatum.onmicrosoft.com contains the user accounts in the following table.

Exam AZ-103 Question 150

You need to implement Azure AD Connect. The solution must follow the principle of least privilege.

Which user accounts should you use? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

Hot Area:

Exam AZ-103 Question 150
Show Answer
Correct Answer:
Exam AZ-103 Question 150

Box 1: User5 -

In Express settings, the installation wizard asks for the following:

AD DS Enterprise Administrator credentials

Azure AD Global Administrator credentials

The AD DS Enterprise Admin account is used to configure your on-premises Active Directory. These credentials are only used during the installation and are not used after the installation has completed. The Enterprise Admin, not the Domain Admin should make sure the permissions in Active Directory can be set in all domains.

Box 2: UserA -

Azure AD Global Admin credentials are only used during the installation and are not used after the installation has completed. It is used to create the Azure AD

Connector account used for synchronizing changes to Azure AD. The account also enables sync as a feature in Azure AD.

Reference:

https://docs.microsoft.com/en-us/azure/active-directory/connect/active-directory-aadconnect-accounts-permissions

Discussion

5 comments
Sign in to comment
macco455
Jun 11, 2020

Answer is correct. They try to trick you by saying use least privilege, but in this case least privilege is the most privilege

PM2
May 27, 2020

Correct Answer

Cloudyuga
May 17, 2020

second Box Adatum.onmicrosoft.com is correct answer we need Azure AD Global Administrator account: used to create the Azure AD Connector account and configure Azure AD. First Box not sure ..!!

lehrie
Oct 17, 2020

answer is correct. https://docs.microsoft.com/en-us/azure/active-directory/hybrid/reference-connect-accounts-permissions#express-settings-installation

Preeto18
Oct 2, 2021

perfect :) Thank you for sharing the link...answer B is correct guys !

Dizar
Aug 7, 2020

Question 1, User 1 might be able to do the job. In question 1, considering it's a 1 domain forest "User1" which is Domain admins might be able to do the job. This is what the account is used for: Creates the AD DS Connector account in Active Directory and grants permissions to it. This created account is used to read and write directory information during synchronization.