Your company network includes an On-Premises Windows Active Directory (AD) that has a
DNS domain named contoso.local and an email domain named contoso.com. You plan to
migrate from On-Premises Exchange to Office 365.
You configure DirSync and set all Azure Active Directory {Azure AD) usernames as
%username%@contoso.onmicrosoft.com.
You need to ensure that each user is able to log on by using the email domain as the
username.
Which two actions should you perform? Each correct answer presents part of the solution.
A.
Verify the email domain in Azure AD domains.
B.
Run the Set-MsolUserPnncipalName -UserPnncipalName %username%@co
ntoso.onmicrosoft.com -NewUserPrincipalName %usemame %@contoso.com Power Shell
cmdlet.
C.
Edit the ProxyAddress attribute on the On-Premises Windows AD user account.
D.
Verify the Windows AD DNS domain in Azure AD domains.
E.
Update the On-Premises Windows AD user account UPN to match the email address.
Explanation:
http://stackoverflow.com/questions/22380653/verify-a-domain-name-inazure-active-directory
http://support.microsoft.com/kb/2643629
What is the right answer on this? AC or AE ?
I think
C and D
* There are two main traffic flows originating from the server hosting the Azure Active Directory Sync tool:
The Azure Active Directory Sync tool queries a domain controller on the on-premises network for changes to accounts and passwords.
The Azure Active Directory Sync tool sends the changes to accounts and passwords to the Azure AD instance of your Office 365 subscription. These changes are sent through the on-premises network’s proxy server.
* Verify that your virtual machine is joined to the domain by checking your internal DNS to make sure that an Address (A) record was added for the virtual machine with the correct IP address from Azure. For the Azure Active Directory Sync tool to gain access to Internet resources, you must configure the server that runs the Azure Active Directory Sync tool to use the on-premises network’s proxy server.
Reference: Deploy Office 365 Directory Synchronization in Microsoft Azure
isnt it c and d?
I think A, E. you edit proxyaddresses attributes only for email addresses change(primayr or alias). for user login name in Office 365, you will need to change UPN on onprem AD or use powershell to change the UPN.
Agreed, A and E are the correct answers.
Seems A & E are correct
http://msdn.microsoft.com/en-us/library/azure/jj151831.aspx
Agreed.
I think the correct answer is D,E. the AD domain must be in the tenant office 365
Agree D and E
https://support.microsoft.com/kb/2523192/
That link actually verifies that it’s A and B.
It tells you to first verify the domain, which in this case is contoso.com (The email domain)
In this KB linked in the article you linked (https://support.microsoft.com/en-us/kb/2669550) it mentions: “However, directory synchronization doesn’t propagate the change from one federated domain directly to another federated domain for a user ID in a Microsoft cloud service such as Office 365, Microsoft Azure, or Microsoft Intune.”
So as a second step, and to “ensure each user is able to log on by using the email domain” you would have to run the Set-MsolUserPrincipalName script.
That’s how I see it, anyway.
Woops sorry meant A and E, you need to verify the domain you want to use as the suffix, not the AD domain, which in this case is .local and unverifiable anyways.
A & E is correct.
Microsoft will not want to ask the customer to run the option in B or C unless it needs troubleshooting or remediation.
Just add the UPN to Domain & Trusts for the AD Forest for Email Domain & Verify it in Azure AD or O365 Portal.
These brain-dumps are really scary!
A & B
https://spbreed.wordpress.com/2014/08/15/powershell-to-change-upnsign-in-names-for-office-365-users/
A & B
Because Keith said so, http://blogs.technet.com/b/askpfeplat/archive/2013/09/02/office-365-amp-single-sign-on-how-to-handle-different-userprincipalname-upn-values.aspx
AGREED WITH @ Romeo
A & B are correct
I have experienced this exact thing before on multiple occasions, I know that B & E both fix it.
B.
Run the Set-MsolUserPnncipalName -UserPnncipalName %username%@co
ntoso.onmicrosoft.com -NewUserPrincipalName %usemame %@contoso.com Power Shell
cmdlet.
Why? It says you need to make sure users can logon using the email domain, this PowerShell script ‘actually’ fixes it instantly so uses can logon, so this answer meets the requirement of the question.
E.
Update the On-Premises Windows AD user account UPN to match the email address.
Why? Could be C here, however C is a little ambiguous, it says to edit the proxyAddress attribute, but doesn’t specify exactly which part of the proxyAddress, so E is more of a direct answer.
Set-MsolUserPnncipalName is for when things need “fixing”
No, the first time you Dir-Sync your UPN , Azure gets whatever you have.
but if you change your UPN ( E ) , you won’t be able to sync the change anymore. That’s when you have to use the Set-MsolUserPnncipalName ( B )
So B and E seems to be correct
“A+E”
This question is being looked at too complex – no way B is part of the answer.
If you plan to use single sign-on with the cloud service, we recommend that you help prepare your Active Directory environment by running the Microsoft Deployment Readiness Tool. This tool inspects your Active Directory environment and provides a report that includes information about whether you are ready to set up single sign-on. If not, it lists the changes you need to make to prepare for single sign-on.
>>> For example, it inspects whether your users have UPNs and if those UPNs are in the correct format. To download the tool, see Microsoft Deployment Readiness Tool.
Okay I have changed my mind! “A+B”
After reading this:
If you have already set up Active Directory synchronization, the user’s UPN may not match the user’s on-premises UPN defined in Active Directory. To fix this, rename the user’s UPN using the Set-MsolUserPrincipalName cmdlet in the Microsoft Azure Active Directory Module for Windows PowerShell.
https://msdn.microsoft.com/en-us/library/azure/jj151786.aspx
It cannot be E; we will consider E when we have Hybrid or ADFS type scenario. This is simple DirSync with Password sync; all you need is to just add the domain (E) and then set the right UPN value so that users can sign in with their @contoso.com UPN (A)
Hence A + E
Ahh.. I mean “A + B” typo!
Its not B.
The question is of type, “You plan do do stuff. How do you prepare?”
In particular:
-Users have to logon in with @contoso.com
-Email probably has to work.
-Using a non-routable domain On-Prem (https://support.office.com/en-us/article/How-to-prepare-a-non-routable-domain-such-as-local-domain-for-directory-synchronization-e7968303-c234-46c4-b8b0-b5c93c6d57a7?ui=en-US&rs=en-US&ad=US)
From:
https://support.office.com/en-us/article/Prepare-to-provision-users-through-directory-synchronization-to-Office-365-01920974-9e6f-4331-a370-13aea4e82b3e
“For best synchronization experience, ensure that the on-premises Active Directory UPN matches the cloud UPN.” (E)
This fulfills users logging on with [email protected]
From:
https://support.office.com/en-us/article/Add-your-users-and-domain-to-Office-365-6383f56d-3d09-4dcb-9b41-b5f5a5efd611?ui=en-US&rs=en-US&ad=US
“Step 1: Verify your domain in Office 365” (A)
This goes a long way towards helping out that Prince in Nigeria who is having a tough time.
2 down, 2 requested. A and E are the two answers.
B:
Appears in https://support.microsoft.com/en-us/kb/2523192,https://support.microsoft.com/en-us/kb/2669550
Since we are planning ahead and not fixing after the fact, we shouldn’t need to do this.
C:
We can’t just do the Proxy Address. The UPN has be correct as well.
D:
I doubt we need to verify the built-in domain.
Oops, D: The current domain is contoso.local and trying to verify it in Azure does nothing for us.
This is still unanswered.
From https://support.microsoft.com/en-us/kb/2523192, solution scenario 1 says to fix the UPN suffix. But would we want to do this for ALL USERS ??? How many such updates will you do manually?
The above link points to the link with a “WORKAROUND”: https://support.microsoft.com/en-in/kb/2669550
Method 1 seems right and points to our Answer B
Method 2 does the fixes on a Domain Controller. Should this even be considered for the answer? It says to verify that the user name changed in the cloud service. I am guessing that this is hinting at A (?)
I am inclined to saying A+B, but not certain even after so much reading… Grrr!
PowerShell arguments are wrong with B ==>
-UserPnncipalName, which represents the ‘original’ user ID, points to the new name ==> (%username%@contoso.onmicrosoft.com)
-NewUserPrincipalName, which points to the new ID for user, points to old name ==> %usemame %@contoso.com
I think PowerShell arguments for B is correct.
Question states the following-
…and an email domain named contoso.com.
…you set all Azure Active Directory {Azure AD) usernames as
%username%@contoso.onmicrosoft.com.
…ensure that each user is able to log on by using the email domain as the
username.
Going by that-
usernames was originally set by you as “%username%@contoso.onmicrosoft.com”. Now you need to fix it to set it the “email domain” as the username which I think should be set to “%username%@contoso.com”.
But I am still unsure of the answers (after so much reading)!!! God help the candidates taking this exam.
Superb web page you have there
cs:go http://istud.in/classifieds/29/82/csgo-skins-newest-android-2012-to-activities
A+B
https://msdn.microsoft.com/en-us/library/azure/jj151786.aspx
Like challenge said.