Exam MS-100 topic 3 question 89 discussion

Wrong ... It should be No, No, No since group is Sales OU which does not synchronize When using OU-based filtering in conjunction with group-based filtering, the OU(s) where the group and its members are located must be included. (https://learn.microsoft.com/en-us/azure/active-directory/hybrid/how-to-connect-sync-configure-filtering#group-based-filtering)

Should be N/N/N When a Group is not in a synced OU nothing gets synced Besides that Nested group membership is not resolved – objects to synchronize must be direct members of the group used for filtering https://azurecloudai.blog/2019/11/07/field-notes-azure-active-directory-group-filtering-gotchas/

Correct answer is and always will be "YES - NO - YES" check copilot answer.. n your case: OU1 and OU2 are specified in the OU-based filter. The user/group filter includes specific users and groups. The synchronized objects will be the users and groups within OU1 and OU2 that match the user/group filter criteria. Objects outside these OUs or not matching the filter criteria will not be synchronize

Correct

You can use multiple filtering options at the same time. For example, you can use OU-based filtering to only include objects in one OU. At the same time, you can use attribute-based filtering to filter the objects further. When you use multiple filtering methods, the filters use a logical "AND" between the filters.

I find any reference that states that the Filter group need to be included in the select OU/s. So objects within OU1 that are members of Group1 should be included for sync. I think the answer should be User1 Yes - The user is in OU1 and in Group1 User2 No – The user is excluded by the group1 filter Group 2 Yes – The group is in OU1 and a member of Group1 (Group 2 is a direct member of Group 1, this is not a nested scenario)

Y-Y-N. User1 and User2 are in OU1. Since nested groups are not admitted, group2 doesn't syncs.

User1 is not in the Sales OU, not synced User2 is not in the Sales OU, not synced Group2 is not in the Sales OU, not synced To be within the filtering scope, both Sales OU and OU1 OU would have to be synced. So even though Group1 is synced, User1 is not because its OU is not synced. If there are other users part of Group1 in the Sales OU, they would be synced So this is N/N/N

https://learn.microsoft.com/en-us/azure/active-directory/hybrid/how-to-connect-install-custom#sync-filtering-based-on-groups Screen 1 is to confuse you as only the second screen that shows a 1 time pilot matters. And only direct members of the selection for the pilot (group 1) are synced which is User1 only: YNN

The questions states "You are deploying Azure AD Connect." From MS "You can configure group-based filtering the first time that you install Azure AD Connect by using custom installation. It's intended for a pilot deployment where you want only a small set of objects to be synchronized. When you disable group-based filtering, it can't be enabled again. " https://learn.microsoft.com/en-us/azure/active-directory/hybrid/how-to-connect-sync-configure-filtering So it will still work. However Nested group membership is not resolved – objects to synchronize must be direct members of the group used for filtering. So I would say YNN

Can anyone provide an answer to this?