- 1 view
Exam
Answer confirmed
Question
Your network contains an on-premises Active Directory Domain Services (AD DS) domain named contoso.com.
You have an Azure subscription that contains a virtual machine named Server1 that runs Windows Server.
You need to configure Server1 as a domain controller for contoso.com.
Which two actions should you perform? Each correct answer presents part of the solution.
Select all answers that apply.
Proposed answer
- Enable a managed identity for Server1.
- Install the Active Directory Domain Services role on Server1 and promote Server1 to a domain controller.
- Scale up Server1 to a larger virtual machine size to handle the AD DS load.
- Set up a Site-to-Site (S2S) VPN between Server1 with the on-premises network.
Correct answer
- Install the Active Directory Domain Services role on Server1 and promote Server1 to a domain controller.
- Set up a Site-to-Site (S2S) VPN between Server1 with the on-premises network.
- Correct - Setting up a S2S VPN between Server1 and the on-premises network is not a prerequisite for deploying an AD DS forest on a server. It might be used for hybrid scenarios, but it is unnecessary for establishing an AD DS forest. In this case, it is required because you need to add an additional domain controller to the contoso.com on-premises domain.
- Correct - Installing the Active Directory Domain Services role on Server1 and promoting it as a domain controller is the correct step. This will make Server1 a domain controller and allow it to support the deployment of an AD DS forest.
- Incorrect - Scaling up Server1 to a larger virtual machine size might improve performance but is not necessarily required for deploying an AD DS forest. The requirement will depend on the expected load on the server, which is not specified in the question.
- Incorrect - Enabling a managed identity for Server1 is unrelated to deploying an AD DS forest.
Deploy AD DS in an Azure virtual network - Azure Architecture Center | Microsoft Learn