ExamTopics Logo
Mail Us[email protected]
Menu
Microsoft Discussions
exam questions

Exam AZ-500 All Questions

View all questions & answers for the AZ-500 exam
Go to Exam

Exam AZ-500 topic 2 question 49 discussion

Actual exam question from Microsoft's AZ-500
Question #: 49
Topic #: 2
[All AZ-500 Questions]

Your network contains an on-premises Active Directory domain named adatum.com that syncs to Azure Active Directory (Azure AD). Azure AD Connect is installed on a domain member server named Server1.
You need to ensure that a domain administrator for the adatum.com domain can modify the synchronization options. The solution must use the principle of least privilege.
Which Azure AD role should you assign to the domain administrator?

  • A. Security administrator
  • B. Global administrator
  • C. User administrator
Show Suggested Answer Hide Answer
Suggested Answer: B 🗳️
by deegadaze1 at Feb. 9, 2021, 3:32 p.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
deegadaze1
Highly Voted 2 years, 11 months ago
It was in Exam
upvoted 28 times
...
deegadaze1
Highly Voted 3 years ago
Correct
upvoted 16 times
...
stonwall12
Most Recent 1 week, 3 days ago
Selected Answer: B
Answer: B, Global administrator Reason: To modify Azure AD Connect synchronization options, even for domain administrators of the on-premises Active Directory, a Global administrator role in Azure AD is required. This is because changing sync configurations affects the entire Azure AD tenant and requires the highest level of privileges. While this might seem to conflict with the principle of least privilege, it is the minimum required role that can modify Azure AD Connect settings. Reference: https://learn.microsoft.com/en-us/azure/active-directory/hybrid/reference-connect-accounts-permissions#azure-ad-global-administrator
upvoted 1 times
...
ITFranz
1 month, 3 weeks ago
Selected Answer: B
To support the answer: While the Global Administrator role is needed for setup and major changes, for ongoing synchronization tasks, Azure AD Connect uses a special service account. This account is granted the Directory Synchronization Accounts role, which has limited permissions specifically for performing directory synchronization tasks It's important to note that after the initial setup, you can reduce the privileges of the account used for day-to-day synchronization operations. However, any significant changes to the synchronization configuration will still require Global Administrator permissions. Answer: B in this case.
upvoted 1 times
...
ESAJRR
7 months, 1 week ago
Selected Answer: B
B. Global administrator
upvoted 4 times
...
majstor86
11 months, 4 weeks ago
Selected Answer: B
B. Global administrator OUTDATED
upvoted 3 times
...
Pearthfect
1 year ago
This is an old question. The new role for least privileged is: Hybrid Identity Administrator on the newer versions of AAD. But in this question, B is correct.
upvoted 11 times
whosdatboi
11 months ago
Azure AD Global Administrator account or Hybrid Identity Administrator account https://learn.microsoft.com/en-us/azure/active-directory/hybrid/how-to-connect-install-prerequisites#accounts
upvoted 4 times
...
...
Alessandro365
1 year, 8 months ago
Selected Answer: B
B is correct answer.
upvoted 1 times
...
Eltooth
1 year, 11 months ago
Selected Answer: B
B is correct answer.
upvoted 2 times
...
Jco
2 years, 4 months ago
#exam question # 29 Sep
upvoted 7 times
...
TonytheTiger
2 years, 5 months ago
## Exam Question - 17 Sept 2021 ##
upvoted 6 times
...
Benjamin8189
2 years, 6 months ago
Azure AD Global Admin credentials These credentials are only used during the installation and are not used after the installation has completed. It is used to create the Azure AD Connector account used for synchronizing changes to Azure AD. The account also enables sync as a feature in Azure AD.
upvoted 3 times
...
Benjamin8189
2 years, 6 months ago
Azure AD Global Administrator account: used to create the Azure AD Connector account and configure Azure AD. You can view global administrator accounts in the Azure portal. See List Azure AD role assignments.
upvoted 1 times
...
Luketen
2 years, 12 months ago
Confirm.
upvoted 7 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel
exam
Someone Bought Contributor Access for:
SY0-701
London, 1 minute ago