Configuring Azure AD Connect to selectively ignore service accounts?

EnterpriseArchitect 6,041 Reputation points
2023-06-08T12:40:18.23+00:00

How can I configure the Azure AD Connect sync settings so that some of the on-premises AD service accounts are not synced up to Azure AD?

The service accounts are all in the Domain.com/Service_Accounts OU, but only the members of a specific AD security group called 'Synchable-Accounts' can be synced up to Azure AD.


Accepted answer
  1. Andy David - MVP 157.8K Reputation points MVP Volunteer Moderator
    2023-06-08T13:30:43.27+00:00

    Use an attribute filter and populate it on all the accounts that you don't want synced:

    https://learn.microsoft.com/en-us/azure/active-directory/hybrid/connect/how-to-connect-sync-configure-filtering#attribute-based-filtering

    Alternatively, put the objects you don't want synced in their own OU and remove that OU from the sync:

    https://learn.microsoft.com/en-us/azure/active-directory/hybrid/connect/how-to-connect-sync-configure-filtering#organizational-unitbased-filtering

    2 people found this answer helpful.
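One way to apply the answer's attribute-based option to the question's layout (a single OU, membership in 'Synchable-Accounts' deciding who syncs) is a script that stamps a marker attribute on every user in the OU who is not in the group, and clears it again when a user is later added. This is added example PowerShell, not code from the question or the answer; it assumes the RSAT ActiveDirectory module, an assumed DN for the OU, and an unmodified Azure AD Connect default rule set, whose inbound user rules exclude users whose adminDescription starts with "User_" (confirm the scoping filter in the Synchronization Rules Editor before relying on it).

```powershell
# Added example. Assumptions: RSAT ActiveDirectory module is installed, the OU DN
# below matches Domain.com/Service_Accounts, and the default Azure AD Connect
# rules are in place so that adminDescription values starting with "User_" are
# excluded from sync. Run with -WhatIf first to review the planned changes.
[CmdletBinding(SupportsShouldProcess = $true)]
param(
    [string]$ServiceAccountOU = 'OU=Service_Accounts,DC=domain,DC=com',  # assumed DN
    [string]$SyncGroup        = 'Synchable-Accounts',
    [string]$NoSyncMarker     = 'User_NoSync'   # keep the "User_" prefix for the default filter
)

Import-Module ActiveDirectory

# Resolve the allowed set once, including nested group membership, keyed by objectGUID.
$allowed = @{}
Get-ADGroupMember -Identity $SyncGroup -Recursive |
    Where-Object objectClass -eq 'user' |
    ForEach-Object { $allowed[[string]$_.objectGUID] = $true }

$report = foreach ($u in Get-ADUser -SearchBase $ServiceAccountOU -Filter * -Properties adminDescription) {
    $isAllowed = $allowed.ContainsKey([string]$u.objectGUID)
    $hasMarker = $u.adminDescription -like 'User_*'

    if (-not $isAllowed -and -not $hasMarker) {
        # Not in the group: stamp the marker so Azure AD Connect filters the object out.
        if ($PSCmdlet.ShouldProcess($u.DistinguishedName, "set adminDescription=$NoSyncMarker")) {
            Set-ADUser -Identity $u -Replace @{ adminDescription = $NoSyncMarker }
        }
        $action = 'exclude'
    }
    elseif ($isAllowed -and $hasMarker) {
        # Added to the group since the last run: clear the marker so the account syncs again.
        if ($PSCmdlet.ShouldProcess($u.DistinguishedName, 'clear adminDescription')) {
            Set-ADUser -Identity $u -Clear adminDescription
        }
        $action = 'include'
    }
    else {
        $action = 'unchanged'
    }
    [pscustomobject]@{ SamAccountName = $u.SamAccountName; InGroup = $isAllowed; Action = $action }
}

$report | Format-Table -AutoSize
# Once the attribute changes have replicated, run a delta cycle on the Azure AD Connect server:
#   Start-ADSyncSyncCycle -PolicyType Delta
```

Schedule the script to run before each sync cycle so group membership changes are reflected; an account that leaves the group is marked and, on the next cycle, is deleted from Azure AD rather than left behind.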
