You manage an Active Directory domain named contoso.local. You install Azure AD Connect and connect to an Azure Active Directory (Azure AD) tenant named contoso.com without syncing any accounts. You need to ensure that only users who have a UPN suffix of contoso.com in the contoso.local domain sync to Azure AD. What should you do?

Admin Staff asked 4 months ago
You manage an Active Directory domain named contoso.local.
You install Azure AD Connect and connect to an Azure Active Directory (Azure AD) tenant named contoso.com without syncing any accounts.
You need to ensure that only users who have a UPN suffix of contoso.com in the contoso.local domain sync to Azure AD.
What should you do?

A. Use the Synchronization Service Manager to modify the Metaverse Designer tab.

B. Use Azure AD Connect to customize the synchronization options.

C. Use the Synchronization Rules Editor to create a synchronization rule.

D. Use Synchronization Service Manager to modify the Active Directory Domain Services (AD DS) Connector.








 

Suggested Answer: C

Filtering what objects are synced to Azure AD is a common request and there are many instances where filtering by OU just doesn't cut it. One option is to filter users by their UPN suffix so that only users with the public FQDN as their UPN suffix are synced to Azure AD (e.g., john.doe@acme.com would be synced while jane.doe@internal.acme.com would not).
Filtering can be configured using either the GUI or PowerShell.
Through the GUI, using the Synchronization Rules Editor:
1. Open the Synchronization Rules Editor on the server where Azure AD Connect is installed.
2. Click the Add new rule button on the View and manage your synchronization rules window.
3. Fill out the appropriate fields on the Description tab and click Next >.
4. On the Scoping filter tab, click Add group, then Add clause, add a userPrincipalName attribute filter, and click Next >.
Attribute: userPrincipalName
Operator: ENDSWITH
Value: Your internal UPN suffix prefixed with @ (e.g., @internal.acme.com). Users with this UPN suffix will NOT be synced with Office 365.
Reference: https://www.sidekicktech.com/blog/field-notes/2019/upn-suffix-filtering-ad-connect/
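The explanation says the filter can also be configured with PowerShell but lists only the GUI steps. The following is an added example (not from the original page or the referenced blog) that builds the same inbound rule with the ADSync module on the Azure AD Connect server. The function name, rule name and default precedence are assumptions, as is the `cloudFiltered` flow, which is the attribute Azure AD Connect uses to keep an object out of the export and is not shown in the steps above.

```powershell
# Added example, not from the original page. Run on the Azure AD Connect server.
Import-Module ADSync

function New-UpnSuffixSyncFilter {
    param(
        [Parameter(Mandatory)] [string] $ConnectorName,  # assumption: on-premises AD connector name
        [Parameter(Mandatory)] [string] $InternalSuffix, # e.g. '@internal.acme.com'
        [int] $Precedence = 50                           # assumption: a free value below 100
    )
    if ($InternalSuffix -notlike '@*') { throw "Suffix must start with '@'." }
    $connector = Get-ADSyncConnector | Where-Object { $_.Name -eq $ConnectorName }
    if (-not $connector) { throw "No connector named '$ConnectorName'." }
    if (Get-ADSyncRule | Where-Object { $_.Precedence -eq $Precedence }) {
        throw "Precedence $Precedence is already used by another rule."
    }

    $none = '00000000-0000-0000-0000-000000000000'
    $ruleArgs = @{
        Name = "In from AD - User filter $InternalSuffix"
        Identifier = [guid]::NewGuid()
        Description = "Do not sync users whose UPN ends with $InternalSuffix"
        Direction = 'Inbound'; Precedence = $Precedence
        PrecedenceAfter = $none; PrecedenceBefore = $none
        SourceObjectType = 'user'; TargetObjectType = 'person'
        Connector = $connector.Identifier; LinkType = 'Join'
        SoftDeleteExpiryInterval = 0; ImmutableTag = ''
    }
    New-ADSyncRule @ruleArgs -OutVariable rule | Out-Null

    # Scoping filter from step 4: userPrincipalName ENDSWITH <internal suffix>
    $condition = New-Object `
        -TypeName 'Microsoft.IdentityManagement.PowerShell.ObjectModel.ScopeCondition' `
        -ArgumentList 'userPrincipalName', $InternalSuffix, 'ENDSWITH'
    Add-ADSyncScopeConditionGroup -SynchronizationRule $rule[0] `
        -ScopeConditions @($condition) -OutVariable rule | Out-Null

    # Objects in scope get cloudFiltered = True, which keeps them out of Azure AD.
    Add-ADSyncAttributeFlowMapping -SynchronizationRule $rule[0] -Source @('True') `
        -Destination 'cloudFiltered' -FlowType 'Constant' -ValueMergeType 'Update' `
        -OutVariable rule | Out-Null

    Add-ADSyncRule -SynchronizationRule $rule[0]
}

# Example call with constructed values; a full sync applies the new rule:
# New-UpnSuffixSyncFilter -ConnectorName 'contoso.local' -InternalSuffix '@internal.acme.com'
# Start-ADSyncSyncCycle -PolicyType Initial
```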

This question is from the AZ-303 Microsoft Azure Architect Technologies exam, which counts toward the Microsoft Certified: Azure Solutions Architect Expert certification.




Disclaimers:
The website is not related to, affiliated with, endorsed or authorized by Microsoft. 
The website does not contain actual questions and answers from Microsoft's Certification Exams.
Trademarks, certification & product names are used for reference only and belong to Microsoft.
