ExamTopics Logo
Mail Us[email protected]
Menu
Microsoft Discussions
exam questions

Exam AZ-900 All Questions

View all questions & answers for the AZ-900 exam
Go to Exam

Exam AZ-900 topic 1 question 274 discussion

Actual exam question from Microsoft's AZ-900
Question #: 274
Topic #: 1
[All AZ-900 Questions]

Your network contains an Active Directory forest. The forest contains 5,000 user accounts.
Your company plans to migrate all network resources to Azure and to decommission the on-premises data center.
You need to recommend a solution to minimize the impact on users after the planned migration.
What should you recommend?

  • A. Implement Azure Multi-Factor Authentication (MFA)
  • B. Sync all the Active Directory user accounts to Azure Active Directory (Azure AD)
  • C. Instruct all users to change their password
  • D. Create a guest user account in Azure Active Directory (Azure AD) for each user
Show Suggested Answer Hide Answer
Suggested Answer: B 🗳️
To migrate to Azure and decommission the on-premises data center, you would need to create the 5,000 user accounts in Azure Active Directory. The easy way to do this is to sync all the Active Directory user accounts to Azure Active Directory (Azure AD). You can even sync their passwords to further minimize the impact on users.
The tool you would use to sync the accounts is Azure AD Connect. The Azure Active Directory Connect synchronization services (Azure AD Connect sync) is a main component of Azure AD Connect. It takes care of all the operations that are related to synchronize identity data between your on-premises environment and
Azure AD.
References:
https://docs.microsoft.com/en-us/azure/active-directory/hybrid/how-to-connect-sync-whatis
by Ragijo at Nov. 17, 2019, 11:11 p.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
Ragijo
Highly Voted 5 years, 5 months ago
MFA is to use your phone or a secondary phase of authentication. You need to move users to Azure not reset their passwords, so Instruct all users to change their password is invalid. Create a guest user account in Azure Active Directory (Azure AD) for each user, if you do that, is like creating a new user to the existing user, so the identities will be different. The answer is B. Sync all the Active Directory user accounts to Azure Active Directory (Azure AD) using AAD Connect or importing the users from AD DS.
upvoted 102 times
shashu07
4 years, 5 months ago
Excellent Explaination
upvoted 1 times
...
...
axman832005
Highly Voted 5 years, 3 months ago
this was on the test
upvoted 35 times
ultraOriginalVillain
5 years ago
thank you.
upvoted 2 times
...
...
Shruti2024
Most Recent 8 months, 2 weeks ago
Selected Answer: B
B is the most logical choice
upvoted 1 times
...
zellck
2 years, 3 months ago
Selected Answer: B
B is the answer. https://learn.microsoft.com/en-us/azure/active-directory/hybrid/how-to-connect-sync-whatis The Azure Active Directory Connect synchronization services (Azure AD Connect sync) is a main component of Azure AD Connect. It takes care of all the operations that are related to synchronize identity data between your on-premises environment and Azure AD. Azure AD Connect sync is the successor of DirSync, Azure AD Sync, and Forefront Identity Manager with the Azure Active Directory Connector configured.
upvoted 1 times
zellck
2 years, 3 months ago
https://learn.microsoft.com/en-us/training/modules/describe-azure-identity-access-security/2-directory-services If you had an on-premises environment running Active Directory and a cloud deployment using Azure AD, you would need to maintain two identity sets. However, you can connect Active Directory with Azure AD, enabling a consistent identity experience between cloud and on-premises. One method of connecting Azure AD with your on-premises AD is using Azure AD Connect. Azure AD Connect synchronizes user identities between on-premises Active Directory and Azure AD. Azure AD Connect synchronizes changes between both identity systems, so you can use features like SSO, multifactor authentication, and self-service password reset under both systems.
upvoted 1 times
...
zellck
2 years, 3 months ago
Synchronizing all the Active Directory user accounts to Azure Active Directory (Azure AD) can minimize the impact on users after the planned migration as it ensures that all the same user accounts exist in both the on-premises environment and the Azure environment, so users don't have to remember different usernames and passwords. This allows users to continue using the same credentials they've been using before the migration, which reduces friction and support requirements.
upvoted 1 times
...
...
NANANA123
2 years, 4 months ago
Got this question during exam at 11/12/2022
upvoted 1 times
...
fguglia
2 years, 5 months ago
Yes correct
upvoted 1 times
...
TonyghostR05
2 years, 6 months ago
Sync all the account is faster
upvoted 2 times
...
BShelat
3 years ago
Option B makes sense for the scenario while on premise assets are migrating to Azure. To make life easy during migration you want to sync user credentials on premise to Azure AD. But "after migration" you do not even want to have Azure AD connect exists since you are already done with migration and so option B does NOT make sense for the scenario for the "after migration" environment. MFA would make life easy once on premise assets are migrated to cloud. So I would go with Option A considering the words "After migration". What do you say guys?
upvoted 1 times
...
[Removed]
3 years, 7 months ago
Answer B is correct. But you do not sync a password, you sync a hash of a password. That is the password is stored in local Windows AD as a hash, then a salt value is added (a number), and this construct is hashed 1000 times. For a user in practical terms the password is synced, but for us Europeans no local password is stored in Azure AD.
upvoted 2 times
...
dim97
3 years, 8 months ago
Forest?
upvoted 1 times
furymistrz
2 years, 10 months ago
If you have LDAP "tree", you can also have "forest" :D
upvoted 1 times
...
...
Shw7
3 years, 9 months ago
Appeared on 26-July-2021
upvoted 1 times
...
Splay
3 years, 9 months ago
Appeared 28/06/21
upvoted 2 times
...
Gerardo1971
3 years, 12 months ago
Correct answer
upvoted 1 times
...
nickname_200
4 years, 1 month ago
I got it on the exam
upvoted 2 times
...
panal
4 years, 2 months ago
Correct
upvoted 1 times
...
Joe75
4 years, 2 months ago
If there was a choice of "AAD DS", that would be better.
upvoted 1 times
...
Beros
4 years, 3 months ago
The Azure Active Directory Connect synchronization services (Azure AD Connect sync) is a main component of Azure AD Connect. It takes care of all the operations that are related to synchronize identity data between your on-premises environment and Azure AD. https://docs.microsoft.com/en-us/azure/active-directory/hybrid/how-to-connect-sync-whatis
upvoted 1 times
...
Load full discussion...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel
exam
Someone Bought Contributor Access for:
SY0-701
London, 1 minute ago