Azure AD syncs all forest users, not specific OUs

Question

On my AD server there are several OUs with users.
At the time of setting up the Azure AD Connect, I set up synchronization in Azure AD of users from only one OU, but after setting up users from all OUs were transferred to Azure AD.
Please tell me how can I fix this situation, a Google search did not give me the results I needed

Answer 1

Hi

when you ran the initial setup of Azure AD Connect, instead of selecting Express Settings you should have had the option for "Domain/OU Filtering" and only select the OU's you wished to synchronize (screenshot below):

To change this now, re-run the AzureAD Connect wizard and specifyt the OUs you wish to synchronize. Follow the steps in this link:

https://learn.microsoft.com/en-us/azure/active-directory/hybrid/how-to-connect-install-custom

Thanks

Michael Durkan

• If the reply was helpful please upvote and/or accept as answer as this helps others in the community with similar questions. Thanks!

Answer 2

Hi Boris,

So you want to change the scope of the OU to specific OUs instead of all the OUs and all the Users? If answer is Yes you will need to re-run the AAD Connect configuration wizard and de-select the OUs that you do not want to sync and select only the OUs that you want via the OU picker check here how-to-connect-install-custom

The out of sync users will be deleted from the AAD.

Hope this helps.
JS

==
Please Accept the answer if the information helped you. This will help us and others in the community as well.

Answer 3

These are my filtering settings at the moment, but all domain users still get into Azure AD