Microsoft 365 Administrator Expert MS-102 Practice Question
Contoso plans to decommission its existing Microsoft Entra Connect Sync server and replace it with Microsoft Entra Cloud Sync. The on-premises Active Directory environment contains three domains across two forests that have a two-way forest trust. The new solution must meet the following requirements:
Synchronize user and group objects from every domain.
Exclude all computer objects and service accounts that are located outside the Service Accounts organizational unit (OU).
Continue to provide Seamless Single Sign-On (SSO) for domain-joined Windows 10 and Windows 11 devices.
Minimize the number of additional servers that must remain on-premises.
You are designing the Cloud Sync deployment.
Which configuration should you implement to meet all of the requirements?
Retain Microsoft Entra Connect Sync for the primary forest and deploy a Cloud Sync agent in the secondary forest with device writeback enabled.
Install one Cloud Sync agent in each forest, enable Password Hash Sync with Seamless SSO, and configure combined domain-based and OU-based filtering.
Install a single Cloud Sync agent in the primary forest, enable Password Hash Sync with Seamless SSO, and configure only OU-based filtering.
Install Cloud Sync agents in every domain, enable Pass-Through Authentication with Seamless SSO, and use group-based filtering.
Microsoft Entra Cloud Sync requires at least one provisioning agent in each on-premises Active Directory forest. Installing a single agent per forest allows the service to discover and synchronize objects from every trusted domain in that forest while keeping the server count to a minimum. Cloud Sync supports only Password Hash Synchronization but can enable Seamless SSO alongside PHS, which satisfies the sign-in requirement for domain-joined Windows 10 and Windows 11 devices. Combining domain-based filtering (to include all three domains) with OU-based filtering (to include only objects inside the Service Accounts OU) meets the scoping requirement while excluding unwanted computer and service-account objects. Alternatives such as Pass-Through Authentication, device writeback, or deploying an agent in every domain are either unsupported or introduce unnecessary servers, so they do not meet the stated goals.
Implement and manage Microsoft Entra identity and access