You are the Office 365 administrator for your company. The company synchronizes the local Active
Directory objects with a central identity management system.
The environment has the following characteristics:
• Each department has its own organizational unit (OU).
• The company has OU hierarchies for partner user accounts.
• All user accounts are maintained by the identity management system.
You need to ensure that partner accounts are NOT synchronized with Office 365.
What should you do?
A.
Configure OU-based filtering by using the Windows Azure Active Directory Sync tool.
B.
In the Windows Azure Active Directory portal, configure OU-based filtering.
C.
Configure user attribute-based filtering by using the Windows Azure Active Directory Sync tool.
D.
In the Windows Azure Active Directory portal, configure user attribute-based filtering.
I think A because the users are organized in OU’s. You don’t know how the attributes are filled in.
I also think of A because I do it that way :). But I still use Forefront identity manager.
Maybe C ?
http://technet.microsoft.com/en-us/library/jj710171.aspx
No, it’s A. The article states the following options and since the partners are separated by OU and not user attributes it’s A
The following three filtering configuration types can be applied to the Directory Synchronization tool:
Organizational-unit (OU)–based: You can use this filtering type to manage the properties of the SourceAD Management Agent in the Directory Synchronization tool. This filtering type enables you to select which OUs are allowed to synchronize to the cloud.
Domain-based: You can use this filtering type to manage the properties of the SourceAD Management Agent in the directory synchronization tool. This type enables you to select which domains are allowed to synchronize to the cloud
User-attribute–based: You can use this filtering method to specify attribute-based filters for user objects. This enables you to control which objects should not be synchronized to the cloud.
Definitely C. It is stated that ALL user accounts are maintained by the identity management system. Therefore, you can only filter accounts using attributes
Put down the pipe Bas…it’s C. You can filter based on the following:
OU
Domain
User-attribute
If they are already sorted in OU’s then use the OU.
https://technet.microsoft.com/en-us/library/jj710171.aspx
I need to put down the pipe too…I meant it’s A..OU Filtering.
The question also states that the users are organised in OUs and more specifically that the partners are in their own OU… OU filtering requires the least admin effort in this circumstance so I say A.
Why not A, if the company has OU partner OU and we can do Organizational-unit (OU)–based: You can use this filtering type to manage the properties of the SourceAD Management Agent in the Directory Synchronization tool. This filtering type enables you to select which OUs are allowed to synchronize to the cloud.
OU filtering allows you to uncheck OUs you DONT want to sync to O365. http://msexchangeguru.com/2012/08/10/office-365-2/
Whoever that is in charge of this site should let us know which answer is correct and why?
I see some answers with some details explaining which one should be picked up but whoever says c is right should let us know why.
The owners of the site probably do not know. Many of these answers are incorrect initially until the message board corrects them.
So why isn´t OU filter correct?
the identity manager can use ou. correct?
I believe C is correct. OU-based filtering can be done but this requires you specifying what OUs can be sync’d, whereas the question asks what should NOT be sync’d, which is how the user-attribute filtering works.
https://technet.microsoft.com/en-us/library/jj710171.aspx
Paddy… C is correct or I’ll let them throw me in the paddy wagon
http://www.urbandictionary.com/define.php?term=paddy%20wagon
It’s A…off to the paddy wagon.
Paddy is absolutely right.
You need to ensure that partner accounts are NOT synchronized with Office 365.
User-attribute–based: This enables you to control which objects should NOT be synchronized to the cloud.
I think it has to be A
This option is least administrative effort and in the question there are two bullet points regarding OU configuration. Why mention the OU configuration if this is not relevant?
3 ways to filter –
domain
OU
user attribute
all can be configured on the connection filter, but in this scenario OU would be the best option… well that’s what i would do.
It’s A without question due to the fact that the departments and partner user accounts are organized by OU. There’s nothing in the question that indicates a user attribute is set to identify the department and partner accounts.
Agree with Justin. We don’t have an attribute to exclude the partner, so we have to filter by OU, and “A” is the correct answer.
I say A too
I think both A and C could be right.
However in the question lies the answer ” The company has OU hierarchies for partner user accounts” So why go granular when the partners are the in OU, which would make it A.
SO A final answer.
Crazy !!! I mean in the question. A is still the answer
I would say A.
We could have used C if we knew anything about the Partner Accounts but we don’t. How should we filter out those accounts? But we do know for sure that partner accounts are organized in OUs. So we could select all other OUs which should be synced.
I would choose C
set a attribute for the accounts in the organization or partners
Experience tells me that with regards to MS exams, you have to limit yourself to the question and the info which is given. Don’t make assumptions. You need to make sure that partner accounts are NOT synchronized. This is what user-attribute filtering does… filter out objects which you do NOT want to synchronize. Is the question not mentioning a user-attribute for partner accounts? Well… actually it is. You can use the “distinguishedName” attribute to filter out all users where that attribute contains “OU=xxxx”. OK, this might not be the most ideal method, but choosing the “best” method or method with “least administrative effort” was not part of the question. So, I’m going for C here.
Using the actual tool AADSync. You choose the OUs to sync and so you would just uncheck the box next to the partner OU.
Also the connection filter excludes based upon user attribute like the DN.
I suspect the real exam question may be clearer.
Personally IRL I would use the OU because there are likely to be other OUs that you don’t want to sync.
hi,
i need valid dumps of 70-411 exam plz share me
email id: [email protected]
Please share me exam 70-346. [email protected]
Organizational-Unit–based: This filtering option enables you to select which OUs will synchronize to Azure AD. This option will be on all object types in selected OUs.
Attribute–based: This option allows you to filter objects based on attribute values on the objects. You can also have different filters for different object types.
Attribute based, enabling you to control which objects shouldn’t be synchronized to the cloud based on their AD attributes.
– Each department has its own organizational unit (OU).
– The company has OU hierarchies for partner user accounts.
Question is what does that second line mean? Does it mean that each partner has its own OU as all the internal departments also have their OU? Or does this mean that partners are somewhere in a hierarchy below the organisations department OU of which it is a partner?
EG is it ordered like A:
OU Finances
-some folder
-internal accounts
OU Sales
-some folder
-internal accounts
OU Partner X
-some folder
-external accounts
OU Partner Y
-some folder
-external accounts
Or ordered like B:
OU Finances
-some folder
-internal accounts
-some folder for partner X
-external accounts
-some folder for partner Y
-external accounts
OU Sales
-some folder
-internal accounts
-some folder for partner Y
-external accounts
-some folder for partner Z
-external accounts
Both options have some form of OU Hierarchies for partner accounts. No clue what is actually intended by the question.
With Option A answer A would suffice, although Answer C would also work but would require more work.
With Option B answer A is not going to work, Answer C could and should work depending on which attributes there is available and that you’d manage to correctly filter on that attribute.
How to configure filtering is shown here:
https://azure.microsoft.com/nl-nl/documentation/articles/active-directory-aadconnectsync-configure-filtering/
Figuring out the answer would be required for an exam, but for your work it would suffice if you’d just know how to actually configure it.