AAD Sync – Creating filter rules using object attributes


This tutorial shows how to filter out objects in the Microsoft Azure Active Directory Sync tool using the SyncRulesEditor tool. During the installation of the tool, the administrator can configure it as manual and then work on the filtering. The filtering can be done with different rules, like the one that we will create in this tutorial, or with Organizational Units (OUs).

Solution


In order to start creating the filter rules, the first step is to open the SyncRulesEditor program, which can be found at C:\Program Files\Microsoft Azure AD Sync\UIShell (if you are using the default installation location).


On the main page of the application, all rules created during the installation of the AAD Synchronization Tool are listed. Click Add new Rule.


In the new wizard, define a name for the new rule. In this example, we are going to create a rule that does not replicate a certain UPN.


On the Scoping filter page, we define which attribute is used as the condition for the rule. In our case, we use userPrincipalName and configure the condition to apply to any user not having the @patricio.ca domain. Long story short, only @patricio.ca will be replicated, which is useful for Active Directory environments with tons of domains where just a few need to be replicated.


On the Join Rules page, just click Next.

On the Transformations page, define FlowType as Constant, select CloudFiltered as the target attribute, and type in True as the value.


With this new rule in place, all users whose UPN ends with @patricio.ca will be replicated, and users from any other domain will be skipped.

We can use the same process to create any filter to control the replication and ensure that only the valid objects are being replicated to Azure Active Directory.
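Before creating the rule, it helps to preview which accounts the scoping condition would keep or filter. The following is an added example, not part of the original tutorial: the function name `Get-SyncScopePreview`, the sample UPNs, and the case-insensitive comparison are assumptions made for illustration.

```powershell
# Added example: preview the effect of the "UPN does not end with @patricio.ca" condition.
# Assumption: the suffix comparison is treated as case-insensitive here.
function Get-SyncScopePreview {
    [CmdletBinding()]
    param(
        [Parameter(ValueFromPipeline = $true)]
        [AllowNull()][AllowEmptyString()]
        [string]$UserPrincipalName,

        # Suffix that stays in scope; any other UPN would receive CloudFiltered = True.
        [string]$AllowedSuffix = '@patricio.ca'
    )
    process {
        if ([string]::IsNullOrWhiteSpace($UserPrincipalName)) {
            # No UPN to compare: flag for manual review instead of guessing.
            $result = 'Review'
        }
        elseif ($UserPrincipalName.EndsWith($AllowedSuffix, [System.StringComparison]::OrdinalIgnoreCase)) {
            $result = 'Synced'
        }
        else {
            $result = 'Filtered'
        }
        [pscustomobject]@{
            UserPrincipalName = $UserPrincipalName
            Result            = $result
        }
    }
}

# Constructed sample UPNs (not taken from a real directory).
$sample = @(
    'alice@patricio.ca',
    'BOB@PATRICIO.CA',
    'carol@sales.patricio.ca',   # subdomain: does not end with '@patricio.ca'
    'dave@contoso.local',
    ''                           # account without a UPN
)

$preview = $sample | Get-SyncScopePreview
$preview | Format-Table -AutoSize
$preview | Group-Object Result | Select-Object Name, Count | Format-Table -AutoSize

# Against a real directory (requires the ActiveDirectory module):
# (Get-ADUser -Filter *).UserPrincipalName | Get-SyncScopePreview
```

Because the suffix includes the `@`, a UPN on a subdomain such as `sales.patricio.ca` lands in the filtered group, which is worth confirming before the first synchronization.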

Written by Anderson Patricio

