- 1 view
Your network contains an on-premises Active Directory Domain Services (AD DS) domain named contoso.com. The functional level of the forest and the domain is Windows Server 2016. All domain controllers run Windows Server 2022.
You have a Microsoft Entra tenant.
You need to sync contoso.com to Microsoft Entra tenant. The solution must meet the following requirements:
- All users must be managed from the AD DS domain.
- Authentication for cloud-based resources must be performed by Microsoft Entra.
Which Microsoft Entra Connect Sync configuration should you configure?
Select only one answer.
Password hash sync
This answer is correct.
Federation with Active Directory Federation Services (AD FS) Password writeback Group writeback
Microsoft Entra Connect with password hash synchronization addresses the required result, as it syncs users to Microsoft Entra tenant, together with their password hashes, but user objects are always mastered in local AD DS. When synchronized users access cloud resources, Microsoft Entra can authenticate them, as it has their password hash.
A solution with AD FS results in users always being authenticated by local AD DS. Password writeback, group writeback, and pass-through authentication are features that enable the management of user object attributes from the Microsoft Entra, which is not required.