You plan to use Azure Active Directory (AD) Connect as a solution that spans from your on-premises directory to cloud servers.
The on-premises Active Directory contains approximately 200,000 objects. The solution must meet the following requirements:
* Use Azure Multi-Factor Authentication (MFA)
* Ensure that no password hashes are stored in the cloud
* Support smartcard authentication
You need to choose the installation type, version, and hybrid identity option. Choose all that apply:
You should not use password hash synchronization from on-premises to Azure AD for single sign-on, because it stores password hashes in the cloud. That option would be appropriate for Office 365 hybrid scenarios. You also should not recommend pass-through authentication: although it ensures that no passwords are stored in the cloud, it does not support smartcard authentication. Instead, you should use federation from on-premises to Azure AD for single sign-on, because it allows cloud multi-factor authentication, ensures that no password hashes are stored in the cloud, and supports smartcard authentication.
You should choose the custom installation type because you need to enable cloud multi-factor authentication solutions and you have more than 100,000 objects in the on-premises AD. In-place upgrade performs the upgrade from DirSync or Azure AD Sync. Express installation should be used only when you have fewer than 100,000 objects in the on-premises AD. You also must have an enterprise administrator account that you can use for the installation.
You should install the full version of SQL Server for the Azure AD Connect database because you have more than 100,000 objects in the on-premises AD. For a smaller number of objects, you can use the default database installation, which is LocalDB. You cannot install SQL Server Express for the Azure AD Connect database because you have more than 100,000 objects in the on-premises AD. The SQL Server Express version has a data size limitation and can use only 1 GB of RAM.