PrepAway - Latest Free Exam Questions & Answers

Which Windows PowerShell command should you run?

Contoso, Ltd., has an Office 365 tenant. You configure Office 365 to use the domain contoso.com, and
you verify the domain. You deploy and configure Active Directory Federation Services (AD FS) and Active
Directory Synchronization Services (AAD Sync) with password synchronization. You connect to Azure
Active Directory by using a Remote PowerShell session.
You need to switch from using password-synced passwords to using AD FS on the Office 365 verified
domain.
Which Windows PowerShell command should you run?

PrepAway - Latest Free Exam Questions & Answers

A.
Convert-MsolDomainToFederated –DomainName contoso.com

B.
Convert-MsolDomainToStandard –DomainName contoso.com

C.
Convert-MsolFederatedUser

D.
Set-MsolDomainAuthentication –DomainName contoso.com

Explanation:
The Convert-MSOLDomainToFederated cmdlet converts the specified domain from standard
authentication to single sign-on (also known as identity federation), including configuring the relying
party trust settings between the Active Directory Federation Services (AD FS) server and the Microsoft
Online Services. As part of converting a domain from standard authentication to single sign-on, eachuser must also be converted. This conversion happens automatically the next time a user signs in; no
action is required by the administrator.
Incorrect:
Not B: This is the opposite to what is required. The Convert-MsolDomainToStandard cmdlet converts the
specified domain from single sign-on (also known as identity federation) to standard authentication. This
process also removes the relying party trust settings in the AD FS server and online service. After the
conversion, this cmdlet will convert all existing users from single sign-on to standard authentication.
Not C: The Convert-MsolFederatedUser cmdlet is used to update a user in a domain that was recently
converted from single sign-on (also known as identity federation) to standard authentication type. A
new password must be provided for the user.
Not D: The Set-MsolDomainAuthentication cmdlet is used to change the domain authentication
between standard identity and single-sign on. This cmdlet will only update the settings in Microsoft
Online Services; typically the Convert-MsolDomainToStandard or Convert-MsolDomainToFederated
should be used instead. Convert-MsolDomainToFederated
https://msdn.microsoft.com/en-us/library/azure/dn194092.aspx


Leave a Reply