Your network contains an on-premises Active Directory Domain Services (AD DS) domain and a Microsoft Entra tenant.
You need to configure synchronization between the AD DS domain and the Microsoft Entra tenant.
What should you do?
Select only one answer.
Deploy Microsoft Entra Connect to a server on the on-premises network.
This answer is correct.
Enable Microsoft Entra Domain Services for the Microsoft Entra tenant. Install the Active Directory Domain Services role on an Azure virtual machine. Set up a Site-to-Site (S2S) VPN between the on-premises network and the Azure virtual network.
Correct - Microsoft Entra Connect is the tool that provides synchronization between on-premises AD DS and Microsoft Entra. Deploying Microsoft Entra Connect to a server on the on-premises network is the correct solution.
Incorrect - Enabling Microsoft Entra Domain Services for the Microsoft Entra tenant provides managed domain services, such as domain join, Group Policy, LDAP, and Kerberos/NTLM authentication. It does not directly sync an on-premises AD DS with a Microsoft Entra tenant.
Incorrect - Installing the AD DS role on an Azure virtual machine creates an instance of AD DS in the cloud, but it does not configure synchronization with an on-premises AD DS domain.
Incorrect - Setting up an S2S VPN between the on-premises network and the Azure network can enable hybrid scenarios where resources can be accessed from both networks. However, it is not the way to configure synchronization between AD DS and Microsoft Entra tenant.
What is Azure AD Connect cloud sync? - Microsoft Entra | Microsoft Learn