According to the Microsoft SC-300: Identity and Access Administrator Study Guide and the Microsoft Learn module “Implement and manage synchronization for Azure AD”, Azure AD Connect Cloud Sync is the preferred solution when you need to synchronize objects from multiple Active Directory (AD DS) forests without establishing forest trusts.
The scenario specifies that trust relationships must NOT be established between adatum.com and litware.com, but A. Datum must still sync the AD DS users and groups of litware.com to their existing Azure AD tenant (adatum.com).
The SC-300 training materials clarify:
“Azure AD Connect cloud sync enables syncing from multiple AD forests to a single Azure AD tenant without the need for forest trusts or a full Azure AD Connect installation in each forest.”
Unlike staging mode (which provides a standby sync server for failover) or extending the same Azure AD Connect instance to another domain (which requires trust relationships and network connectivity between forests), Azure AD Connect Cloud Sync uses lightweight agents and does not depend on forest trust.
Therefore, to meet the requirement of syncing Litware’s AD DS to A. Datum’s Azure AD tenant without creating a trust, the correct choice is to configure Azure AD Connect Cloud Sync between the Azure AD tenant and the litware.com domain.