Azure AD Connect: synchronize specific users from an OU after AD Connect deployment

Allan Stark 541 Reputation points
2021-02-03T07:11:28.557+00:00

I need to selectively synchronize users from a specific OU.
This OU has several service accounts that cannot be moved to another OU and which should not be synced with Azure AD.
The deployment of Azure AD Connect is already done with a filter by several OUs.

I looked at the article https://learn.microsoft.com/en-us/azure/active-directory/hybrid/how-to-connect-sync-configure-filtering
But everything is described in rather general terms and there are no good examples.
I tried adding multiple filtering rules but they didn't work.

As for synchronizing users based on a group, it is recommended only for test use and is available only during the initial AD Connect setup.


Accepted answer
  1. AmanpreetSingh-MSFT 56,871 Reputation points Moderator
    2021-02-03T07:50:32.657+00:00

    Hi @AllanStark-4537 · Thank you for reaching out.

    You should consider using Attribute Based filtering as mentioned under Negative filtering: "do not sync these" with step-by-step instructions along with screenshots. This includes a great example where you can filter out (not synchronize) all users where extensionAttribute15 has the value NoSync.

    -----------------------------------------------------------------------------------------------------------

    Please "Accept the answer" if the information helped you. This will help us and others in the community as well.

    2 people found this answer helpful.
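
The directory-side half of the attribute-based filter described in the accepted answer, as an added example that is not part of the original answer or of Microsoft's documentation: it tags the service accounts in the OU with extensionAttribute15 = NoSync so that a negative-filtering sync rule can match them. The OU path and the account names are placeholders, and it assumes the ActiveDirectory PowerShell module and a schema that defines extensionAttribute15.

```powershell
# Added example. $SearchBase and $ServiceAccounts are placeholders (assumptions);
# the attribute name and value are the ones named in the accepted answer.
Import-Module ActiveDirectory

$SearchBase      = 'OU=Staff,DC=contoso,DC=example'   # placeholder OU that stays in sync scope
$ServiceAccounts = @('svc-backup', 'svc-sql')          # placeholder sAMAccountNames to exclude
$MarkerAttribute = 'extensionAttribute15'
$MarkerValue     = 'NoSync'

# Fail early if the forest schema does not define the attribute
# (extensionAttribute1-15 come with the Exchange schema extension).
$schemaNC = (Get-ADRootDSE).schemaNamingContext
if (-not (Get-ADObject -SearchBase $schemaNC -LDAPFilter "(lDAPDisplayName=$MarkerAttribute)")) {
    throw "$MarkerAttribute is not defined in this forest's schema."
}

foreach ($name in $ServiceAccounts) {
    $user = Get-ADUser -SearchBase $SearchBase -SearchScope Subtree `
        -LDAPFilter "(sAMAccountName=$name)" -Properties $MarkerAttribute
    if (-not $user) {
        # A typo here would silently leave the account in sync scope, so report it.
        Write-Warning "$name not found under $SearchBase; skipped."
        continue
    }
    if ($user.$MarkerAttribute -eq $MarkerValue) { continue }   # already tagged

    # -WhatIf only previews the change; remove it to write the attribute.
    Set-ADUser -Identity $user -Replace @{ $MarkerAttribute = $MarkerValue } -WhatIf
}

# Review step: every user under the OU that the filter rule would exclude.
Get-ADUser -SearchBase $SearchBase -LDAPFilter "($MarkerAttribute=$MarkerValue)" `
    -Properties $MarkerAttribute |
    Select-Object SamAccountName, DistinguishedName, $MarkerAttribute
```

The tag has no effect until the inbound sync rule from the linked article's negative-filtering section is in place on the Azure AD Connect server and a full synchronization has run.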

1 additional answer

  1. Allan Stark 541 Reputation points
    2021-02-04T17:48:06.857+00:00

    After a lot of trial and error, I finally got it...

