Q: 14
Note: This question is part of a series of questions that present the same scenario. However,
every question has a distinct result. Determine whether the solution meets the requirements.
Your company has an Active Directory forest with a single domain, named weylandindustries.com.
They also have an Azure Active Directory (Azure AD) tenant with the same name.
You have been tasked with integrating Active Directory and the Azure AD tenant. You intend to
deploy Azure AD Connect.
Your strategy for the integration must make sure that password policies and user logon limitations
affect user accounts that are synced to the Azure AD tenant, and that the number of necessary
servers is reduced.
Solution: You recommend the use of federation with Active Directory Federation Services (AD FS).
Does the solution meet the goal?
Options
Discussion
B, not A
B vs A, because AD FS definitely adds more servers which doesn't fit the "reduce servers" part, even if it controls password policy. That extra infrastructure is a common trap. Pretty sure B is what they're looking for, but open to other takes.
Agreed with B here. Using AD FS does let you keep on-prem password and logon policies, but it means spinning up extra servers (AD FS + proxies), which is more infrastructure, not less. Azure AD Connect with Password Hash Sync would hit both requirements better. Pretty sure that's what they're getting at.
A, since federation with AD FS lets you enforce on-prem password policies and logon restrictions. I always thought that's what you'd want for synced accounts, right? Server count goes up but seems worth it for control.
It's B. Saw a similar question in recent exam reports, federation with AD FS actually needs more servers, which goes against the requirements.