Exam MS-102 All QuestionsBrowse all questions from this exam
Go to Exam
Question 47

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.

After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

Your network contains an on-premises Active Directory domain named contoso.com. The domain contains the users shown in the following table.

The domain syncs to an Azure AD tenant named contoso.com as shown in the exhibit. (Click the Exhibit tab.)

User2 fails to authenticate to Azure AD when signing in as [email protected].

You need to ensure that User2 can access the resources in Azure AD.

Solution: From the Microsoft Entra admin center, you add fabrikam.com as a custom domain. You instruct User2 to sign in as [email protected].

Does this meet the goal?

    Correct Answer: B

    User2 is unable to authenticate to Azure AD because their UPN suffix (Fabrikam.com) is not currently recognized as a domain within the Azure AD tenant (contoso.com). Simply adding fabrikam.com as a custom domain in the Microsoft Entra admin center is insufficient if the domain is not verified. Additionally, the domain must be added to Entra Connect for proper synchronization. Without these crucial steps, User2 will continue to face authentication issues. Therefore, the solution does not meet the goal.

Discussion
Greatone1Option: A

the answer is A.

sherifhamedOption: A

The on-premises Active Directory domain is named contoso.com. To enable users to sign on using a different UPN (different domain), you need to add the domain to Microsoft 365 as a custom domain. review: https://www.examtopics.com/discussions/microsoft/view/50100-exam-ms-100-topic-2-question-56-discussion/

jbuexamtopicsOption: B

Very tricky, I'll go for B because it didnt mentioned that fabrikam.com was verified.

CasticodOption: B

From the first reading, I think that the local active directory has the UP added, since the user logs in locally with Fabrikam.com I can add the domain Fabrikam.com to Entra admin center. What happens is that the question does not make it clear if the domain configuration is completed. If this step is not taken, when you synchronize and check, it will assign the domain onmicrosoft.com and not Fabrikam.com, the answer is NO

RJTW070Option: A

Yes, the solution meets the goal. By adding fabrikam.com as a custom domain in the Microsoft Entra admin center, you can ensure that User2 can authenticate to Azure AD using their email address <a href="/cdn-cgi/l/email-protection" class="__cf_email__" data-cfemail="b2c7c1d7c080f2d4d3d0c0dbd9d3df9cd1dddf">[email protected]</a>. This is because the UPN suffix is used to authenticate a user in Azure AD, so it must match the domain name of the user’s email address. By adding fabrikam.com as a custom domain, you can ensure that User2 can authenticate to Azure AD using their email address <a href="/cdn-cgi/l/email-protection" class="__cf_email__" data-cfemail="88fdfbedfabac8eee9eafae1e3e9e5a6ebe7e5">[email protected]</a>. You can then instruct User2 to sign in as <a href="/cdn-cgi/l/email-protection" class="__cf_email__" data-cfemail="d0a5a3b5a2e290b6b1b2a2b9bbb1bdfeb3bfbd">[email protected]</a> to access the resources they need

AAlmaniOption: A

Correct answer is A

jbuexamtopicsOption: B

Didnt mentioned that it was verified.

letters1234Option: B

Wouldnt this be no, due to there being no federation between the two domains, yes someone could sign in, however there is no notes around the domain being verified or any other setup that would also be required to allow federated sign in. The previous question, where they basically create a user called User2 in the existing domain and ask them to sign in is the most likely if there is a single correct answer. This question feels like only part of the story.

NrdAlrt

It's stated both users exist in the domain which means frabikam.com is a UPN in the contoso.com domain, not a separate forest. The only gotcha is they don't mention the very critical step of verifying the domain. Adding it won't necessarily enable this person to sign-on unless there's an assumption the domain is verified as part of the process of adding it. I'm leaning towards A on this one as I feel that's a safe assumption at the level of detail this scenario provides.

Greatone1

Looking at previous test no one has a real answer. https://www.examtopics.com/discussions/microsoft/view/50100-exam-ms-100-topic-2-question-56-discussion/

ronin201Option: B

Dont't forget about Entra connect settings, if you add custom domain, it should be 1) verified 2) you must add it to Entra Connect for sync

ConstyleOption: A

Answer is A