U.S. Independence Day Deal! Unlock 25% OFF Today – Limited-Time Offer - Ends In 00:00:00 Coupon code: SAVE25
Welcome to Pass4Success

- Free Preparation Discussions

Microsoft SC-300 Exam - Topic 1 Question 132 Discussion

Your network contains an Active Directory forest named contoso.com that is linked to an Azure Active Directory(Azure AD) tenant named contoso.com by using Azure AD Connect.You need to prevent the synchronization of users who have the extensionAttribute15 attribute set toNoSync.What should you do in Azure AD Connect?
C) Create an inbound synchronization rule for the Active Directory Domain Services connector.
A) Create an inbound synchronization rule for the Windows Azure Active Directory connector.
B) Configure a Full Import run profile.
D) Configure an Export run profile.

Microsoft SC-300 Exam - Topic 1 Question 132 Discussion

Actual exam question for Microsoft's SC-300 exam
Question #: 132
Topic #: 1
[All SC-300 Questions]

Your network contains an Active Directory forest named contoso.com that is linked to an Azure Active Directory

(Azure AD) tenant named contoso.com by using Azure AD Connect.

You need to prevent the synchronization of users who have the extensionAttribute15 attribute set to

NoSync.

What should you do in Azure AD Connect?

Show Suggested Answer Hide Answer
Suggested Answer: C

In Azure AD Connect, filtering which users synchronize is achieved via synchronization rules. The SC-300 study content explains that to exclude objects based on an on-premises attribute (for example, extensionAttribute15=NoSync), you create an inbound rule on the Active Directory Domain Services (AD DS) connector. Inbound rules control the flow of data from AD DS into the metaverse, where you can use a scoping filter to mark objects as filtered (often via the cloudFiltered projection), preventing them from being provisioned to Azure AD. The official guidance highlights that inbound rules on the AD DS connector are used for attribute-based filtering and that export or run profiles (Full Import/Export) do not define logic; they only execute the configured rules. Therefore, to stop users with extensionAttribute15=NoSync from syncing, you create an inbound synchronization rule on the AD DS connector with a condition on that attribute to exclude those users from synchronization.


Contribute your Thoughts:

0/2000 characters

Currently there are no comments in this discussion, be the first to comment!


Save Cancel