Welcome to ExamTopics
ExamTopics Logo
- Expert Verified, Online, Free.
Mail Us [email protected]
Menu

Unlimited Access

Get Unlimited Contributor Access to the all ExamTopics Exams!
Take advantage of PDF Files for 1000+ Exams along with community discussions and pass IT Certification Exams Easily.
Microsoft Discussions

Exam AZ-103 topic 5 question 21 discussion

Actual exam question from Microsoft's AZ-103
Question #: 21
Topic #: 5
[All AZ-103 Questions]

You configure Azure AD Connect for Azure Active Directory Seamless Single Sign-On (Azure AD Seamless SSO) for an on-premises network.
Users report that when they attempt to access myapps.microsoft.com, they are prompted multiple times to sign in and are forced to use an account name that ends with onmicrosoft.com.
You discover that there is a UPN mismatch between Azure AD and the on-premises Active Directory.
You need to ensure that the users can use single-sign-on (SSO) to access Azure resources.
What should you do first?

  • A. From the server that runs Azure AD Connect, modify the filtering options.
  • B. From the on-premises network, deploy Active Directory Federation Services (AD FS).
  • C. From Azure AD, add and verify a custom domain name.
  • D. From the on-premises network, request a new certificate that contains the Active Directory domain name.
Show Suggested Answer Hide Answer
Suggested Answer: C 🗳️
Every new Azure AD tenant comes with an initial domain name, domainname.onmicrosoft.com. You can't change or delete the initial domain name, but you can add your organization's names to the list. Adding custom domain names helps you to create user names that are familiar to your users, such as [email protected].
References:
https://docs.microsoft.com/en-us/azure/active-directory/fundamentals/add-custom-domain
by Lains2019 at June 6, 2020, 7:15 a.m.

Comments

Chosen Answer:
This is a voting comment (?) , you can switch to a simple comment.
Switch to a voting comment New
Submit Cancel
Goena
Highly Voted 3 years, 11 months ago
Seamless SSO also works on Azure AD Connect. Only not for remote users on example vpn. User can only receive "account name that ends with onmicrosoft.com" when there is somthing wrong with the Custom domain name. C is correct.
upvoted 13 times
...
Amir1909
Most Recent 3 months ago
C is correct
upvoted 1 times
...
Nsobundu
3 years ago
This has nothing to do with ADFS. UPN mismatch means their username in AD is different from their username in the cloud so you need to add a custom domain in the cloud and sync the users to the cloud to resolve the UPN mismatch issue. A user in AD have a username of User1@contoso. Com and in the cloud the user is [email protected] this is a mismatch and can be resolve by adding a custom domain to the tenant. Given answer is correct
upvoted 1 times
...
Thi
3 years, 6 months ago
C. From Azure AD, add and verify a custom domain name.
upvoted 1 times
...
Anshi
3 years, 10 months ago
Seamless SSO can be combined with either the Password Hash Synchronization or Pass-through Authentication sign-in methods. Seamless SSO is not applicable to Active Directory Federation Services (ADFS). https://docs.microsoft.com/en-us/azure/active-directory/hybrid/how-to-connect-sso#:~:text=Azure%20Active%20Directory%20Seamless%20Single%20Sign%2DOn%20(Azure%20AD%20Seamless,even%20type%20in%20their%20usernames.
upvoted 2 times
...
YPR
3 years, 10 months ago
Correct answer is B
upvoted 1 times
YPR
3 years, 10 months ago
Please ignore my above comment. Correct answer is C i.e From Azure AD, add and verify a custom domain name. https://docs.microsoft.com/bs-latn-ba/azure/active-directory/hybrid/tshoot-connect-objectsync#upn-suffix-is-not-verified-with-azure-ad-tenant
upvoted 3 times
...
...
ChiggaBoy
3 years, 10 months ago
Correct answer is B https://docs.microsoft.com/bs-latn-ba/azure/active-directory/hybrid/tshoot-connect-objectsync#upn-suffix-is-not-verified-with-azure-ad-tenant
upvoted 1 times
...
Lains2019
3 years, 11 months ago
I think B From the on-premises network, deploy Active Directory Federation Services (AD FS). Because this is for SSO.
upvoted 1 times
Hanuman
3 years, 11 months ago
Yes for SSO, Federation or pass-through authentication is an option.
upvoted 1 times
...
I
3 years, 2 months ago
Do you know what account finished by onmicrosoft.com? The tenant email account has been forced to be finished by onmicrosoft.com. So you need to create a customed email account. Answer is C.
upvoted 1 times
...
...

Get IT Certification

Unlock free, top-quality video courses on ExamTopics with a simple registration. Elevate your learning journey with our expertly curated content. Register now to access a diverse range of educational resources designed for your success. Start learning today with ExamTopics!

Start Learning for free
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel