Prevent Resyncing research.fabrikam.com to Azure AD
Question
Note: This question is part of series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
Your network contains an Active Directory forest named fabrikam.com. The forest contains two child domains named corp.fabrikam.com and research.fabrikam.com.
You have an Azure subscription that contains an Azure Active Directory (Azure AD) tenant named contoso.com.
You install Azure AD Connect and sync all the on-premises user accounts to the Azure AD tenant. You implement seamless single sign-on (SSO).
You plan to change the source of authority for all the user accounts in research.fabrikam.com to Azure AD.
You need to prevent research.fabrikam.com from resyncing to Azure AD.
Solution: You use Active Directory Domains and Trusts from a computer joined to fabrikam.com.
Does this meet the goal?
Answers
Explanations
Click on the arrows to vote for the correct answer
A. B.B
Instead you should customize the default synchronization rule.
Note:
To delete a custom domain name, you must first ensure that no resources in your directory rely on the domain name. You can't delete a domain name from your directory if:
-> Any user has a user name, email address, or proxy address that includes the domain name.
-> Any group has an email address or proxy address that includes the domain name.
Any application in your Azure AD has an app ID URI that includes the domain name.
The proposed solution of using Active Directory Domains and Trusts from a computer joined to fabrikam.com does not meet the goal of preventing research.fabrikam.com from resyncing to Azure AD.
Active Directory Domains and Trusts is a management tool used to manage trust relationships between domains in a forest. It is not used to manage Azure AD Connect or Azure AD synchronization.
To prevent research.fabrikam.com from resyncing to Azure AD, you need to disable directory synchronization for the research.fabrikam.com domain. This can be achieved by modifying the synchronization settings in the Azure AD Connect configuration.
To disable directory synchronization for research.fabrikam.com, perform the following steps:
- Log in to the server running Azure AD Connect.
- Open the Azure AD Connect configuration wizard.
- Click on the "Configure" option to modify the synchronization settings.
- On the "Optional Features" page, uncheck the box next to "Exchange hybrid deployment".
- On the "Connect to Azure AD" page, select "Do not configure" for the Azure AD sign-in configuration.
- On the "Ready to configure" page, click the "Install" button to save the changes.
These steps will disable directory synchronization for research.fabrikam.com and prevent it from resyncing to Azure AD.
In summary, the proposed solution using Active Directory Domains and Trusts does not meet the goal of preventing research.fabrikam.com from resyncing to Azure AD. To achieve this goal, you need to modify the synchronization settings in the Azure AD Connect configuration.