Contoso, Ltd., has an Office 365 tenant. You configure Office 365 to use the domain contoso.com,
and you verify the domain. You deploy and configure Active Directory Federation Services (AD FS)
and Active Directory Synchronization Services (AAD Sync) with password synchronization. You
connect to Azure Active Directory by using a Remote PowerShell session.
You need to switch from using password-synced passwords to using AD FS on the Office 365 verified
domain.
Which Windows PowerShell command should you run?
A.
Convert-MsolDomainToFederated –DomainName contoso.com
B.
Convert-MsolDomainToStandard –DomainName contoso.com
C.
Convert-MsolFederatedUser
D.
Set-MsolDomainAuthentication –DomainName contoso.com
Explanation:
The Convert-MSOLDomainToFederated cmdlet converts the specified domain from standard
authentication to single sign-on (also known as identity federation), including configuring the relying
party trust settings between the Active Directory Federation Services (AD FS) server and the
Microsoft Online Services. As part of converting a domain from standard authentication to single
sign-on, each user must also be converted. This conversion happens automatically the next time a
user signs in; no action is required by the administrator.
Incorrect:
Not B: This is the opposite to what is required. The Convert-MsolDomainToStandard cmdlet converts
the specified domain from single sign-on (also known as identity federation) to standard
authentication. This process also removes the relying party trust settings in the AD FS server andonline service. After the conversion, this cmdlet will convert all existing users from single sign-on to
standard authentication.
Not C: The Convert-MsolFederatedUser cmdlet is used to update a user in a domain that was
recently converted from single sign-on (also known as identity federation) to standard
authentication type. A new password must be provided for the user.
Not D: The Set-MsolDomainAuthentication cmdlet is used to change the domain authentication
between standard identity and single-sign on. This cmdlet will only update the settings in Microsoft
Online Services; typically the Convert-MsolDomainToStandard or Convert-MsolDomainToFederated
should be used instead.Convert-MsolDomainToFederated
https://msdn.microsoft.com/en-us/library/azure/dn194092.aspx
http://social.technet.microsoft.com/wiki/contents/articles/17857.dirsync-how-to-switch-from-single-sign-on-to-password-sync.aspx
Usually I do not read post on blogs, however I wish to say that this write-up very pressured me to try and do it! Your writing taste has been surprised me. Thanks, quite great article.|
Undeniably believe that which you said. Your favorite justification seemed to be on the web the simplest thing to be aware of. I say to you, I certainly get irked while people consider worries that they plainly do not know about. You managed to hit the nail upon the top and defined out the whole thing without having side-effects , people could take a signal. Will probably be back to get more. Thanks|