Your network contains two Active Directory forests. Each forest contains two domains.
You plan to configure Hybrid Azure AD join for the computers.
You create a Microsoft Azure Active Directory (Azure AD) tenant.
You need to ensure that the computers can discover the Azure AD tenant.
What should you create?
A . a new computer account for each computer
B . a new service connection point (SCP) for each domain
C . a new trust relationship for each forest
D . a new service connection point (SCP) for each forest
Answer: D
Explanation:
Your devices use a service connection point (SCP) object during the registration to discover Azure AD tenant information. In your on-premises Active Directory instance, the SCP object for the hybrid Azure AD joined devices must exist in the configuration naming context partition of the computer’s forest. There is only one configuration naming context per forest. In a multi-forest Active Directory configuration, the service connection point must exist in all forests that contain domain-joined computers.
Reference: https://docs.microsoft.com/en-us/azure/active-directory/devices/hybrid-azuread-join-manual
Leave a Reply