PrepAway - Latest Free Exam Questions & Answers

Which Windows PowerShell command should you run?

Contoso, Ltd., has an Office 365 tenant.
You configure Office 365 to use the domain contoso.com, and you verify the domain.
You deploy and configure Active Directory Federation Services (AD FS) and Active DirectorymSynchronization Services (AAD Sync) with password synchronization.
You connect to Azure Active Directory by using a Remote PowerShell session.
You need to switch from using password-synced passwords to using AD FS on the Office 365 verified domain.
Which Windows PowerShell command should you run?

PrepAway - Latest Free Exam Questions & Answers

A.
Convert-MsolDomainToFederated -DomainName contoso.com

B.
Convert-MsolDomainToStandard -DomainName contoso.com

C.
Convert-MsolFederatedUser

D.
Set-MsolDomainAuthentication -DomainName contoso.com

Explanation:

The Convert-MSOLDomainToFederated cmdlet converts the specified domain from standard
authentication to single sign-on (also known as identity federation), including configuring the
relying party trust settings between the Active Directory Federation Services (AD FS) server and
the Microsoft Online Services. As part of converting a domain from standard authentication to
single sign-on, each user must also be converted. This conversion happens automatically the
next time a user signs in; no action is required by the administrator.
Incorrect:
Not B: This is the opposite to what is required. The Convert-MsolDomainToStandard cmdlet
converts the specified domain from single sign-on (also known as identity federation) to standard
authentication. This process also removes the relying party trust settings in the AD FS server and
online service. After the conversion, this cmdlet will convert all existing users from single sign-on
to standard authentication.
Not C: The Convert-MsolFederatedUser cmdlet is used to update a user in a domain that was
recently converted from single sign-on (also known as identity federation) to standard
authentication type. A new password must be provided for the user.
Not D: The Set-MsolDomainAuthentication cmdlet is used to change the domain authentication
between standard identity and single-sign on. This cmdlet will only update the settings in
Microsoft Online Services; typically the Convert-MsolDomainToStandard or ConvertMsolDomainToFederated should be used instead. Convert-MsolDomainToFederated
https://msdn.microsoft.com/en-us/library/azure/dn194092.aspx


Leave a Reply