By default, AADSync (the same applies to DirSync) synchronizes your entire Active Directory with Microsoft Azure Active Directory, and in most cases that is not the ideal scenario. There are many ways to filter what is synchronized from on-premises to the cloud, and this tutorial focuses on the Organizational Unit (OU) filtering capabilities.
In this tutorial we have a simple Active Directory domain with a couple of accounts and Exchange Server being synchronized with Azure Active Directory, and after the first successful synchronization we can see that we have tons of accounts that shouldn’t be there.
The first step to start filtering is opening the Azure Active Directory Sync Services utility, which can be found in C:\Program Files\Microsoft Azure AD Sync\UIShell; the utility name is miisclient.exe. The splash welcome screen will be similar to the figure below.
Let’s click on Connectors, and then right-click on the connector that has the FQDN of your on-premises domain, and click on Properties.
In the new page, click on Configure Directory Partitions, and then click on Containers…
A new credentials page will be displayed. Type in the AD credentials and click OK.
Those were the default settings in our environment, and they are what generates all those system accounts in Microsoft Azure Active Directory.
If you use your Organizational Units to place users, then make sure that only the OUs that contain users to be synchronized are selected (you can always go back and add/remove OUs). In our example here, we have users only in the Quebec OU. Click OK twice.
Now it’s time to force a full synchronization. We show how to do that with AADSync in this tutorial: http://ITPROCentral.com/how-to-force-the-synchronization-using-aadsync/
After performing a full synchronization, we can check Azure Active Directory: all our users are the valid ones, and they fit in less than a page (well, I have only a couple of users in my environment).
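To decide which OUs to select in the Containers dialog, and to see which accounts are left out of scope, you can inventory where user objects actually live on-premises. The script below is an added example, not part of the original tutorial; it assumes the ActiveDirectory PowerShell module (RSAT) is installed, that child OUs under a selected OU stay selected, and the distinguished name in `$SelectedOUs` is a constructed placeholder.

```powershell
# Added example (not from the original tutorial).
# Lists every OU/container that directly holds user objects and marks whether
# it falls inside the OUs you plan to select in the Containers dialog.
Import-Module ActiveDirectory

# ASSUMPTION: placeholder DN, replace with the OUs you intend to synchronize.
$SelectedOUs = @('OU=Quebec,DC=example,DC=com')

$domainDN = (Get-ADDomain).DistinguishedName

# OUs plus the default top-level containers (e.g. CN=Users), which are not OUs
# but usually hold the built-in and system accounts.
$containers = @()
$containers += Get-ADOrganizationalUnit -Filter * |
    Select-Object -ExpandProperty DistinguishedName
$containers += Get-ADObject -Filter 'ObjectClass -eq "container"' `
        -SearchBase $domainDN -SearchScope OneLevel |
    Select-Object -ExpandProperty DistinguishedName

$report = foreach ($dn in $containers) {
    # OneLevel: count only users placed directly in this container
    $users = @(Get-ADUser -Filter * -SearchBase $dn -SearchScope OneLevel)
    if ($users.Count -eq 0) { continue }

    # In scope if the container is a selected OU or sits underneath one
    $inScope = [bool]($SelectedOUs | Where-Object {
        $dn -eq $_ -or
        $dn.EndsWith(",$_", [StringComparison]::OrdinalIgnoreCase)
    })

    [pscustomobject]@{
        InScope   = $inScope
        Container = $dn
        Users     = $users.Count
        Enabled   = @($users | Where-Object Enabled).Count
        Sample    = ($users | Select-Object -First 3 -ExpandProperty SamAccountName) -join ', '
    }
}

# Out-of-scope containers are listed first so excluded accounts are easy to review
$report | Sort-Object InScope, Container | Format-Table -AutoSize
```

Rows with `InScope` set to `False` are the accounts that will no longer be synchronized after the filter is applied, so review them before forcing the full synchronization.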
In this tutorial we went through the process of filtering the synchronization with Azure Active Directory using Organizational Units in the AADSync tool.