Implement and Manage Identities Using Azure AD

Question 1

What is Azure AD Connect?

Answer 1

• Integrates AD on-prem with Azure AD
• Tool to configure AD synchronization and sign-in
• Implements use of same login credentials
• Replaces older identity integration tools
○ Replaces Dirsyncs and Azure AD Sync, it contains the functionality but with some added features.

Question 2

What components are required for Azure AD connect?

Answer 2

○ O365 subscription
○ Azure AD within the subscription
○ On-premises domain controller with AD

Question 3

What tools do you get when you install Azure AD connect?

Answer 3

Synchronisation
Active Directory Federation Services (AD FS)
Health Monitoring

Question 4

What does synchronisation tool do?

Answer 4

○ Responsible for creating user groups and other object.

Will also make sure that the on-premises identity information is matching with the information in the cloud.

Question 5

What does the AD FS tool do?

Answer 5

Can use this to configure a hybrid environment. Used more for a complex environment.

Question 6

What does the health monitoring tool do?

Answer 6

○ Central repository to view the Azure AD connect health.
○ Health Portal shows what’s happening for the following:
§ AD FS
§ Synchronisation
§ AD DS (Active Directory Directory Services)
§ Need to install Health agents on the target servers that you want the tool to run on.

Question 7

Does Azure AD connect sync expired accounts?

Answer 7

• Azure AD Connect does not synchronise the accountExpires attribute. Therefore if a users account expires on prem they will still be able to login to exchange but not to on-prem.

Question 8

What does the IDFIX tool do?

Answer 8

○ Can download this from Microsoft website.
§ Locate, Download and install tool
○ Will look through the environment and identify errors that may possibly occur during the synchronisation. Such as:
§ Duplicates
§ Formatting errors
§ Attempts to repair object to prepare for sync
□ Will do this prior to the synchronisation to O365
□ Depending on the error it may even try fix the issue for you.

Question 9

What is OBJModel (Azure right management (Exchange online))?

Answer 9

Right to enable the option to run macros and to remotely access email content. This also allows for other programmatic access to email content.

Question 10

What is Forward (Azure right management (Exchange online))?

Answer 10

Right to enable the option to edit the To: CC: lines in an email and to resent the email to another organisation that uses the Outlook Web App. Granting this right also grants the EDIT and DOCEDIT rights. No rights are granted to any users added as recipients through this right.

Question 11

What is Export (Azure right management (Exchange online))?

Answer 11

Right to enable the option to save the email as an unencrypted form. It enables saving the email under a different name and in a format that does not support encryption. If not granted, an email can still be saved in a different format, but only if the format supports Rights Management protection, including encryption.

Question 12

What is Edit (Azure right management (Exchange online))?

Answer 12

○ Right to enable the option of modify the contents of an email and save the changes. Any documents to which this right is granted must be saved to the same location.

Question 13

What is DOCEDIT (Azure right management (Exchange online))?

Answer 13

○ This right lets your modify and format the content, but does not let you save the changes.

Question 14

What is Owner (Azure right management (Exchange online))?

Answer 14

This grants all rights to remove protection.

Question 15

What is Reply (Azure right management (Exchange online))?

Answer 15

This grants the right to reply to one on more of the message recipients and add new content, but does not let you modify the To: or CC field.

Question 16

What does configuring MasterPage.master.cs file do?

Answer 16

You can change the text that appears above the sign-on page as an ASP.NET web application. The CommonResource

Question 17

What does configuring web.config allow you to do?

Answer 17

○ Allows you to add a custom logo to the AD FS 2.0 sign-on page, you need to copy the imagine file to c:\inetpub\adfs\ls. Next you need to add the the web.config file.
§

Question 18

What does configuring commonresources.en.resx allow you to do?

Answer 18

○ Can modify the text on the login form. For example, you can change the example text or instruction text.

Question 19

What is a Cutover Migration and when would you use it?

Answer 19

As part of the O365 deployment, you can migrate the contents of user mailboxes from a source email system (on-prem) to O365. When you do this all at one time it’s called a cutover migration. Choosing a cutover migration is suggested when.
• Your current on-premises Exchange organization is Microsoft Exchange Server 2003 or later.
• Your on-premises Exchange organization has fewer than 2,000 mailboxes.
• Even though cutover migration supports moving up to 2000 mailboxes, due to the length of time it take to create and migrate the 2,000 users, it more reasonable to migrate 150 user or less.

Question 20

What is a staged migration and when would you use it?

Answer 20

As part of the O365 deployment, you can migrate the contents of user mailboxes from a source email system (on-prem) to O365. When you do this over time it’s called a staged migration. Choosing a staged migration is suggested when.
• Your source email system is Microsoft Exchange Server 2003 or 2007.
○ Exchange Server 2003 and 2007 are out of support. Support for Exchange 20003 ended on April 8, 2014 support for 2007 ended 2017.
○ You can’t use a staged migration to migrate Exchange 2013 or 2010 mailboxes to O365. Consider using a cutover migration or a hybrid email migration instead.
• You have more than 2,000 mailboxes.

Question 21

What is an express mailbox migration?

Answer 21

You can use minimal hybrid also known as express migration option in the exchange hybrid configuration wizard to migrate the contents of user mailboxes to O365 over a course of couple weeks or less.
• Running at least one Exchange 2010, Exchange 2013, and/or Exchange 2016 server on-premises.
• Plan to move to Exchange Online over a course of few weeks or less.
• Do not plan to continue to run directory synchronization to manage your users.

Question 22

What is a hybrid mailbox migration?

Answer 22

A hybrid deployment offers organisations the ability to extend the feature-rich experience and administration control they have with their existing on-premise Microsoft Exchange organisation to the cloud. A hybrid deployment provides the seamless look and feel of a single exchange organisation between on prem exchange organisation and exchange online in Microsoft 365.