Does this meet the goal?

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.

After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

You manage an Active Directory domain named contoso.local.

You install Azure AD Connect and connect to an Azure Active Directory (Azure AD) tenant named contoso.com without syncing any accounts.

You need to ensure that only users who have a UPN suffix of contoso.com in the contoso.local domain sync to Azure AD.

Solution: You use the Synchronization Service Manager to modify the Active Directory Domain Services (AD DS) Connector.

Does this meet the goal?
A . Yes
B . No

View Answer

Answer: B

Explanation:

Instead use Synchronization Rules Editor to create a synchronization rule.

Note: Filtering what objects are synced to Azure AD is a common request and there are many instances where filtering by OU just doesn’t cut it. One option is to filter users by their UPN suffix so that only users with the public FQDN as their UPN suffix are synced to Azure AD (e.g., [email protected] would be synced while [email protected] would not).

Filtering can be configured using either the GUI (Synchronization Rules Editor) or PowerShell.

Reference: https://www.sidekicktech.com/blog/field-notes/2019/upn-suffix-filtering-ad-connect/