How to filter objects being synchronized with Microsoft Azure Active Directory

By default, AADSync (the same applies to DirSync) synchronizes your entire Active Directory with Microsoft Azure Active Directory, and in most cases that is not the ideal scenario. There are many ways to filter what is synchronized from on-premises to the cloud, and this tutorial focuses on the Organizational Unit (OU) filtering capabilities.

Solution


In this tutorial we have a simple Active Directory domain with a couple of accounts and Exchange Server being synchronized with Azure Active Directory. After the first successful synchronization, we can see that we have tons of accounts that shouldn’t be there.

image

The first step to start filtering is to open Azure Active Directory Sync Services, which can be found in C:\Program Files\Microsoft Azure AD Sync\UIShell; the utility name is miisclient.exe. The splash welcome screen will be similar to the figure below.

image

Let’s click on Connectors, and then right-click on the connector that has the FQDN of your on-premises domain, and click on Properties.

image

In the new page, click on Configure Directory Partitions, and then click on Containers…

image

A new credentials page will be displayed. Type in the AD credentials and click OK.

image

These are the default settings in our environment, and they are what generates all those system accounts in Microsoft Azure Active Directory.

image

If you use your Organizational Units to place users, make sure that only the OUs containing users to be synchronized are selected (you can always go back and add or remove OUs). In our example here, we have users only in the Quebec OU. Click OK twice.

image

Now it’s time to force a full synchronization. We show how to do that with AADSync in this tutorial: http://ITPROCentral.com/how-to-force-the-synchronization-using-aadsync/

After performing a full synchronization, we can check Azure Active Directory: all the users listed are the valid ones, and they fit in less than a page (well, I have only a couple of users in my environment).

image
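A pre-check for the OU selection described above, added here as an example and not part of the original tutorial: it reports which user accounts sit inside and outside the OUs chosen in the Containers dialog. It assumes the ActiveDirectory PowerShell module is installed, that child OUs of a selected OU are also selected, and uses a placeholder domain DN (`DC=example,DC=local`) with the tutorial's Quebec OU.

```powershell
# Added example (not from the original tutorial): audit which users the OU filter keeps or drops.
Import-Module ActiveDirectory

# Assumptions: placeholder domain DN; OU=Quebec follows the tutorial's example.
$DomainDN    = 'DC=example,DC=local'
$SelectedOUs = @("OU=Quebec,$DomainDN")

function Test-InSelectedOU {
    param([string]$DistinguishedName, [string[]]$OUs)
    foreach ($ou in $OUs) {
        # In scope when the DN ends with ",<OU DN>", i.e. the object is at any depth below the OU.
        # Assumes no child OU was individually unticked in the Containers dialog.
        if ($DistinguishedName.EndsWith(",$ou", [System.StringComparison]::OrdinalIgnoreCase)) {
            return $true
        }
    }
    return $false
}

$users = Get-ADUser -Filter * -SearchBase $DomainDN -SearchScope Subtree -Properties mail

$report = foreach ($u in $users) {
    [pscustomobject]@{
        SamAccountName    = $u.SamAccountName
        UserPrincipalName = $u.UserPrincipalName
        Mail              = $u.mail
        Enabled           = $u.Enabled
        InScope           = Test-InSelectedOU -DistinguishedName $u.DistinguishedName -OUs $SelectedOUs
        # Parent container = DN with the first RDN removed (split on the first unescaped comma).
        ParentContainer   = ($u.DistinguishedName -split '(?<!\\),', 2)[1]
    }
}

# 1. How many accounts each container holds, and whether the filter includes it.
$report | Group-Object ParentContainer, InScope |
    Sort-Object Count -Descending | Format-Table Count, Name -AutoSize

# 2. Enabled, mail-enabled users the filter would leave out: review before clicking OK.
$report | Where-Object { -not $_.InScope -and $_.Enabled -and $_.Mail } |
    Format-Table SamAccountName, Mail, ParentContainer -AutoSize

# 3. In-scope accounts that probably should not be in the cloud directory (disabled or no UPN).
$report | Where-Object { $_.InScope -and (-not $_.Enabled -or -not $_.UserPrincipalName) } |
    Format-Table SamAccountName, Enabled, UserPrincipalName, ParentContainer -AutoSize
```

The script only reads from Active Directory; it does not change the connector configuration or trigger a synchronization.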

Conclusion


In this tutorial we went through the process of filtering the synchronization with Azure Active Directory using Organizational Units in the AADSync tool.

Written by Anderson Patricio

Anderson Patricio is a Canadian MVP in Cloud and Datacenter Management, and Office Server and Services. Besides the Microsoft award, he also holds a Solutions Master (MCSM) in Exchange and several other certifications. Anderson has been contributing to the Microsoft community with articles, tutorials, blog posts, Twitter, forums and book reviews. He is a regular contributor here at ITPROCentral.com, MSExchange.org, Techgenix.com and Anderson Patricio.org (Portuguese).
