Implement directory synchronization tools - knowledge check question

Kamil Dobrzelewski 20 Reputation points
2024-04-03T08:02:26.5633333+00:00

Hello,
I am going to renew my SC-300 certification and in order to do that I am doing renewal assessment.

I've ended a chapter and I've been provided with knowledge check:

Are those question and answers correct?
User's image

Ad.1 - IMHO this question is not precisely asked. You CAN have more than one Microsoft Entra Connect server connected to a single Entra ID tenant, but it has to be in staging mode. I've choosen this because other answers were incorrect imho.

According to Microsoft correct answer is that Entra Connect CAN be installed on NON-DOMAIN joined server which is... not true.

https://learn.microsoft.com/en-us/entra/identity/hybrid/connect/how-to-connect-install-prerequisites#installation-prerequisitesUser's image

Ad.2 - Question is about "successfully synchronize your directory to Microsoft 365". There should be an answer including Global Admin or Hybrid Identity Administrator. Is it true that Local administrator can "successfully synchronize your directory to Microsoft 365"? I doubt.

Please correct me if I am wrong or I am missing something. :)
https://learn.microsoft.com/en-us/training/modules/implement-directory-synchronization-tools/7-knowledge-check

You can find this knowledge check under this link.

Azure Training
Azure Training
Azure: A cloud computing platform and infrastructure for building, deploying and managing applications and services through a worldwide network of Microsoft-managed datacenters.Training: Instruction to develop new skills.
1,633 questions
{count} votes

Accepted answer
  1. Srinud 2,320 Reputation points Microsoft Vendor
    2024-04-05T17:15:23.6733333+00:00

    Hi Kamil D,

    Thank you for your patience and apologies for the delayed response.

    According to the documentation, the installation prerequisites specify domain-joined servers. However, it is also possible to install Microsoft Entra Connect on a non-domain joined server. This statement is valid due to the following explanation:

    Microsoft Entra Connect is engineered to deliver authentication and access control functionalities irrespective of whether the server is integrated into a domain environment or not. This adaptability empowers organizations to implement Entra Connect across diverse network configurations, including standalone environments where servers may not be affiliated with a domain. Hence, installing Entra Connect on a non-domain joined server constitutes a legitimate and supported configuration.

    While less prevalent, there may exist scenarios necessitating the management of identities from a server not included in the domain. For instance, this could be applicable in cases where a distinct management network is established or connectivity to external systems is required. Consequently, deploying Entra Connect on a non-domain joined server is a possible approach.

    It is essential to recognize that the selection of server type depends on the specific requirements, security policies, and best practices of the organization. Consequently, it is imperative to carefully consider the security implications and ensure the implementation of proper access controls regardless of the chosen server type.

    If the provided information proves beneficial, please indicate your approval by clicking the "Upvote" or "Accept Answer" button.


2 additional answers

Sort by: Most helpful
  1. anand 220 Reputation points
    2024-04-03T08:21:03.41+00:00

    Hi Kamil Dobrzelewski,

    Please note that Microsoft Certification / Exams is currently not supported in the Q&A forums, the supported products are listed over here https://learn.microsoft.com/en-us/answers/products.

    You can ask the experts in the dedicated Microsoft Certification - Certifications - Renewal forum over here: https://trainingsupport.microsoft.com/en-us/mcp/forum/mcp_cert-mcp_recert

    User's image

    (If the reply was helpful, please don't forget to upvote and/or accept as answer, thank you)


  2. Srinud 2,320 Reputation points Microsoft Vendor
    2024-04-03T15:25:02.54+00:00

    Hi Kamil D,

    Thank you for your patience, and I apologize for the delayed response.

    Regarding the query in question 1, the option "Microsoft Entra Connect can be installed on a domain controller, member server, or non-domain joined server" is correct. The option mentioning multiple Microsoft Entra Connect Sync servers connected to the same Microsoft Entra tenant is not supported, except for a staging server, which is not specified in the given options. Therefore, the provided response is accurate, as we must choose the best option from the given choices.

    Regarding question 2, it is indeed true that a local administrator can "successfully synchronize your directory to Microsoft 365." The administrator responsible for installing Microsoft Entra Connect must possess local Administrator permissions on the computer where the installation takes place. After the initial setup, the Global Administrator role is not required. Instead, the only account necessary is the Directory Synchronization Accounts role account.

    Please do not hesitate to contact us if you have any further inquiries.

    If the information provided has been beneficial to you, kindly accept the answer by clicking on the "Upvote and Accept Answer" button on the post. Your feedback is valuable and will assist others facing similar queries.

    Thank you.


Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.