Azure AD Connect synchronization rules editor - filter group based

Question

Hi,

we sync all users and group to AAD

I have a group that her members should not sync to azure.

I need to create a rule that members of this group should not sync to azure.

I can't fine any article regarding creating this kind of rule based on group membership .

need help with this issue.

Thanks,

Lior

Answer 1

Hello @LiorFrumat-5743 ,

Group based filtering in Azure AD connect can be set during the first time when AzureAD connect is installed by using custom installation option. It is generally provided for a one-time use for testing pilot deployment and syncing a set of users before full on-boarding to azure AD . If you have used it once and disabled it , you will not be able to use it again as per design. Its not a supported option to use group-based filtering in a custom configuration. The better way is to use negative filtering and configure attribute based filtering.

So Ideally in the on-premise environment you would have to define any extensionattribute1-15 on the user object and provide it a specific string value like Blocksync* or anything which you like. Now when the Azure AD connect will import the user form local Active directory , it will check as per the filtering rule if the extension attribute you have defined in the rule has a value of Blocksync and if it has the object will not be imported in the local AD connector space and hence will not be further sent to azure AD .

I have provided some links which are related to this and I would strongly suggest you to go through them. If the information provided helps , please do accept the post as answer so that it can help other members of the community . Should you have any further query , please feel free to let us know and we will be happy to help .

Thank you.