Prevent Resyncing research.fabrikam.com to Azure AD

Question

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.

After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

Your network contains an Active Directory forest named fabrikam.com. The forest contains two child domains named corp.fabrikam.com and research.fabrikam.com.

You have an Azure subscription that contains an Azure Active Directory (Azure AD) tenant named contoso.com.

You install Azure AD Connect and sync all the on-premises user accounts to the Azure AD tenant. You implement seamless single sign-on (SSO).

You plan to change the source of authority for all the user accounts in research.fabrikam.com to Azure AD.

You need to prevent research.fabrikam.com from resyncing to Azure AD.

Solution: From the Azure Active Directory admin center, you delete a custom domain.

Does this meet the goal?

Answers

Explanations

A. B.

B

Instead, you should customize the default synchronization rule.

Note:

To delete a custom domain name, you must first ensure that no resources in your directory rely on the domain name. You can't delete a domain name from your directory if:

- Any user has a user name, email address, or proxy address that includes the domain name.
- Any group has an email address or proxy address that includes the domain name.
- Any application in your Azure AD has an app ID URI that includes the domain name.

https://docs.microsoft.com/en-us/azure/active-directory/hybrid/how-to-connect-create-custom-sync-rule

Answer: B. No.

Explanation:

Deleting a custom domain from the Azure Active Directory admin center will not prevent research.fabrikam.com from resyncing to Azure AD. Custom domains are used to verify ownership of a domain name and configure it for use with Azure AD. Deleting a custom domain will not stop Azure AD Connect from syncing user accounts from research.fabrikam.com to Azure AD.

To prevent research.fabrikam.com from resyncing to Azure AD, you need to configure filtering in Azure AD Connect. You can create a filtering rule to exclude the research.fabrikam.com domain from being synced to Azure AD.

Here are the steps to configure filtering in Azure AD Connect:

  1. Open Azure AD Connect.
  2. Click on "Customize synchronization options" and then click "Next".
  3. Select "Domain and OU filtering" and then click "Next".
  4. Click on "Add a domain".
  5. Enter the domain name you want to exclude (in this case, research.fabrikam.com) and click "Add".
  6. Click "OK" to close the window.
  7. Click "Next".
  8. Review the options and click "Next".
  9. Click "Configure" to save the changes.

Once you have configured filtering, Azure AD Connect will not sync any user accounts from the research.fabrikam.com domain to Azure AD.
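
After changing the filter, it is worth confirming on the Azure AD Connect server that the domain is really out of scope before the next cycle runs. The following check is an added example, not part of the original question or of Microsoft's documentation; it assumes the ADSync module that ships with Azure AD Connect, and that connector partition objects expose `Name` and `Selected` properties. The function name `Get-DomainSyncState` is hypothetical.

```powershell
# Added example; run in an elevated PowerShell session on the Azure AD Connect server.
Import-Module ADSync

function Get-DomainSyncState {
    param([Parameter(Mandatory)][string]$DomainName)

    # Walk every connector and keep the partitions (domains) that match.
    # Assumption: partition objects expose Name and Selected.
    $found = foreach ($connector in Get-ADSyncConnector) {
        foreach ($partition in $connector.Partitions) {
            if ($partition.Name -eq $DomainName) {
                [pscustomobject]@{
                    Connector = $connector.Name
                    Domain    = $partition.Name
                    Selected  = [bool]$partition.Selected
                }
            }
        }
    }

    if (-not $found) {
        # No match is inconclusive, so report it instead of claiming the domain is excluded.
        Write-Warning "No connector partition named '$DomainName' was found; check the spelling."
        return
    }
    $found
}

$state = Get-DomainSyncState -DomainName 'research.fabrikam.com'
$state | Format-Table -AutoSize

if ($state | Where-Object Selected) {
    Write-Warning 'research.fabrikam.com is still selected and will be included in the next sync cycle.'
} elseif ($state) {
    Write-Output 'research.fabrikam.com is not selected on any connector.'
}

# Scheduler state shows whether a sync cycle is enabled and which type runs next.
Get-ADSyncScheduler | Select-Object SyncCycleEnabled, StagingModeEnabled, NextSyncCyclePolicyType
```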