AAD Sync– Creating filter rules using object attributes

Share this:

Using Microsoft Azure Active Directory Sync tool to filter out objects using the SyncRulesEditor tool. During the installation of the tool the administrator can configure it as manual and work on the filtering, the filtering may come using different rules like the one that we will create in this Tutorial, or using Organization Units (OUs).


In order to start creating the filter rules, the first step is to open the SyncRulesEditor program, which can be found at C:\Program Files\Microsoft Azure AD Sync\UIShell (if you are using the default installation location).


In the main page of the application, all rules created during the AAD Synchronization Tool are going to be listed, click on Add new Rule.


In the new wizard, define a name for the new rule, in this example we are going to create a rule that does not replicate a certain UPN.


In the Scoping filter page. We are going to define which attribute to be used as condition for the rule, in our case we are going to use userPrincipalName and we are going to configure the condition to apply to any user not having the @patricio.ca domain. Long story short, only @patricio.ca will be replicated, and that is useful for Active Directory environment with tons of domains and just a few need to be replicated.


In the Join Rules page. Just click Next.

In the Transformations page. Define FlowType as Constant, and select CloudFiltered and type in True, as shown in the figure below.


After having this new rule in place, all users ending with @patricio.ca will be replicated and any other domain will be skipped.

We can use the same process to create any filter to control the replication and ensure that only the valid objects are being replicated to Azure Active Directory.

Written by Anderson Patricio

Anderson Patricio is a Canadian Exchange Server MVP and MCSM (Solutions Master) and he contributes to the Microsoft Community with articles, tutorials, blog posts, forums and book reviews. He is a regular contributor at MSExchange.org, ITPROCentral.com and AndersonPatricio.org (Portuguese).