Administering Windows Server Hybrid Core Infrastructure (AZ-800) Practice

The statement regarding Azure AD DS schema extension that is true is that it's not possible to target OUs with built-in GPOs. In Azure AD DS, while you can manage Group Policy Objects (GPOs), the scope of those GPOs is limited compared to traditional on-premises Active Directory. In a traditional AD environment, you can apply GPOs to specific organizational units (OUs) to manage configurations for those OUs. However, in Azure AD DS, the integration and application of GPOs differ due to the managed nature of Azure AD DS and the underlying designed limitations, which do not allow traditional OU targeting in the same manner as on-premises Active Directory.

The other assertions present limitations or inaccuracies regarding Azure AD DS capabilities.

For example, the ability to extend the schema is not available in Azure AD DS; it provides a set defined schema that cannot be modified as you can in on-premises Active Directory. Likewise, nested OUs are not supported in Azure AD DS, which limits the organization of users and resources compared to traditional Active Directory environments. Lastly, Azure AD DS does not support all AD DS features, as some features, such as deployments of custom schemas and certain advanced configurations, are inherently part of