Microsoft - AZ-801: Configuring Windows Server Hybrid Advanced Services
Sample Questions
Question: 315
Measured Skill: Migrate servers and workloads (20-25%)
You have the servers shown in the following table.
You plan to migrate file shares from Server1 to Server2.
You need to deploy the Storage Migration Service and the Storage Migration Service extension.
On which server should you install each component?
(To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.)
| A | Storage Migration Service: Server1
Storage Migration Service extension: Server2 only |
| B | Storage Migration Service: Server1
Storage Migration Service extension: Server1 only |
| C | Storage Migration Service: Server2
Storage Migration Service extension: Server1 and Server2 only |
| D | Storage Migration Service: Server2
Storage Migration Service extension: Server1, Server2 and Server3 |
| E | Storage Migration Service: Server3
Storage Migration Service extension: Server1 only |
| F | Storage Migration Service: Server3
Storage Migration Service extension: Server1, Server2 and Server3 |
Correct answer: DExplanation:
Storage Migration Service makes it easier to migrate storage to Windows Server or to Azure. It provides a graphical tool that inventories data on Windows, Linux, and NetApp CIFS servers and then transfers the data to newer servers or to Azure virtual machines. Storage Migration Service also provides the option to transfer the identity of a server to the destination server so that apps and users can access their data without changing links or paths.
Migration is a three-step process:
Inventory servers to gather info about their files and configuration, shown in the following figure.
Transfer (copy) data from the source servers to the destination servers.
Cut over to the new servers (optional).
The destination servers assume the source servers' former identities so that apps and users don't have to change anything.
The source servers enter a maintenance state where they still contain the same files they always have (we never remove files from the source servers) but are unavailable to users and apps. You can then decommission the servers at your convenience.
Requirements
To use Storage Migration Service, you need the following items:
- A source server or failover cluster to migrate files and data from.
- A destination server running Windows Server 2019 or later (clustered or standalone) to migrate to. While Windows Server 2016 is also supported, it may be more difficult to migrate to and its support will end in January 2027.
- An orchestrator server running Windows Server 2019 or later to manage the migration.This orchestrator is the server that you install Storage Migration Service on and use to manage the migration. If you're migrating only one server, you can use the destination as the orchestrator. If you're migrating several servers, use a separate orchestrator server.
- A PC or server running the latest Windows Admin Center to run the Storage Migration Service user interface, along with the latest Storage Migration Service tool (extension) available from the feed.
References:
Storage Migration Service overview
Use Storage Migration Service to migrate a server
Question: 316
Measured Skill: Migrate servers and workloads (20-25%)
Your network contains an Active Directory Domain Services (AD DS) forest that has a Windows Server 2008 R2 forest functional level. The forest contains the domains shown in the following table.
You need to perform an in-place upgrade of the domain controllers in east.contoso.com to Windows Server 2025. The solution must minimize administrative effort.
What should you do first?| A | Raise the domain functional level of east.contoso.com to Windows Server 2025. |
| B | Raise the domain functional level of contoso.com to Windows Server 2016. |
| C | Raise the forest functional level to Windows Server 2025. |
| D | Extend the schema. |
Correct answer: BExplanation:
Functional levels determine the available Active Directory Domain Services (AD DS) domain or forest capabilities. They also determine which Windows Server operating systems you can run on domain controllers in the domain or forest. However, functional levels don't affect which operating systems you can run on workstations and member servers joined to the domain or forest.
The following interoperability matrix summarizes which Windows Server versions you can run as domain controllers for each currently supported AD DS forest and domain functional level.
First, we should raise the domain functional level of contoso.com to Windows Server 2016. Then, we should raise the forest functional level to Windows Server 2016.
Reference: Active Directory Domain Services functional levels
Question: 317
Measured Skill: Migrate servers and workloads (20-25%)
Your network contains an Active Directory Domain Services (AD DS) domain. The domain contains 10,000 users.
You plan to migrate the domain to a new forest.
You need to ensure that the users can sign in to the new forest by using their existing password. The solution must minimize administrative effort.
What should you do?| A | Migrate the users by running ldifde.exe. |
| B | Migrate the users by using the Active Directory Administrative Center. |
| C | Migrate the users by using the Active Directory Migration Tool (ADMT). |
| D | Create Password Settings Objects (PSOs) in the new forest. |
Correct answer: CExplanation:
When an organization undergoes restructuring, be it a merger or an acquisition, it can be costly to maintain two separate Active Directory (AD) infrastructures. IT administrators are tasked with migrating objects from one Active Directory Domain Services (AD DS) environment to another to enable the sharing of resources. However, migrating an AD environment is one of the most complex tasks an IT administrator can face—and the Active Directory Migration Tool (ADMT) has been the standard utility provided by Microsoft to facilitate this process.
What is the ADMT?
The ADMT is a free utility released by Microsoft that allows administrators to migrate users, groups, and computers between two AD domains. It is primarily used for:
- Interforest migration: Moving objects between different AD forests.
- Intraforest migration: Moving objects between domains within the same forest.
Migrating passwords is the trickiest part of using ADMT because it requires the Password Export Server (PES). By default, ADMT does not migrate passwords; it generates new complex passwords for users. To successfully migrate user passwords from the source domain to the target domain, the PES must be installed on the DC in the source domain.
References:
Active Directory Migration Tool (ADMT)
Active Directory Migration Tool version 3.2
Question: 318
Measured Skill: Migrate servers and workloads (20-25%)
Your network contains an Active Directory Domain Services (AD DS) domain named contoso.com. The domain was built by using domain controllers that run Windows Server 2025.
You plan to deploy a custom app. The app will require a domain controller that runs a legacy version of Windows Server.
What is the oldest version of Windows Server that you can use for the domain controller in contoso.com?| A | Windows Server 2016 |
| B | Windows Server 2019 |
| C | Windows Server 2022 |
| D | Windows Server 2025 |
Correct answer: AExplanation:
A new forest/domain that was built by using domain controllers that run Windows Server 2025 uses the Windows Server 2016 functional level.
The following interoperability matrix summarizes which Windows Server versions you can run as domain controllers for each currently supported AD DS forest and domain functional level.
Reference: Active Directory Domain Services functional levels
Question: 319
Measured Skill: Monitor and troubleshoot Windows Server environments (20-25%)
You have an on-premises server named Server1 that runs Windows Server 2025 Standard.
You have an Azure subscription that contains the virtual machines shown in the following table.
The subscription contains a Microsoft Sentinel instance named Sentinel1 in the Central US Azure region.
You need to implement the Windows Firewall Events via AMA connector.
Which servers can send Windows Firewall events to Sentinel1?| A | VM1 only |
| B | VM2 only |
| C | VM1 and Server1 only |
| D | VM1, VM2, and VM3 only |
| E | VM1, VM2, and Server1 only |
| F | VM1, VM2, VM3, and Server1 |
Correct answer: DExplanation:
The Windows Firewall solution for Microsoft Sentinel allows you to ingest Windows Firewall Events into Microsoft Sentinel using the Log Analytics agent for Windows.
Installing this solution will deploy two data connectors,
- Windows Firewall Events via AMA - This data connector helps in ingesting Windows Firewall Events into your Log Analytics Workspace using the new Azure Monitor Agent. Microsoft recommends using this Data Connector
- Windows Firewall - This solution installs the data connector to ingest Windows Firewall events using the Windows Firewall solution for Azure. After installing the solution, configure and enable this data connector by following guidance in Manage solution view.
NOTE: Microsoft recommends Installation of Windows Firewall via AMA. Legacy connector uses the Log Analytics agent which were deprecated on Aug 31, 2024, and thus should only be installed where AMA is not supported.
To collect events from any system that is not an Azure virtual machine (Server1), the system must have Azure Arc installed and enabled before you enable the Azure Monitor Agent-based connector.
This includes:
- Windows servers installed on physical machines
- Windows servers installed on on-premises virtual machines
- Windows servers installed on virtual machines in non-Azure clouds
References:
Windows Firewall
Connect Microsoft Sentinel to other Microsoft services with a Windows agent-based data connector