Azure ADConnect - Exclude security groups sync from OU except specific security groups

Daniel Skaaning 1 Reputation point
2021-11-05T23:02:45.407+00:00

I'm a newbie to ADConnect so bear with me.

We have used ADConnect for some time now to sync users from OUs without any issues.

Now we need to sync a couple of security groups from a specific OU (we don't want them all synced to the cloud). What would be the best solution for this?

When googling I see people using filter rules to exclude objects with a specific extension attribute in AD, e.g. "nosync", but hopefully there would be an easier way than setting one of the extension attributes 1-15 in AD to "nosync" on all security groups, except the ones we want to sync, and then selecting the OU to sync?

Thanks in advance,
Daniel


1 answer

  1. Danny Zollner 10,496 Reputation points Microsoft Employee
    2021-11-05T23:16:59.687+00:00

    Is there some unifying trait to them - or can there be? Do they have a similar naming pattern or any other distinguishing attribute values? If so, the same documentation for setting up filtering rules can be used as a starting point to filter on other things as well.

    If you can identify some way for AAD Connect to tell which groups should be allowed through and which should be filtered, I can help clarify any points about the rule configuration you aren't clear on.
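
An added example, not part of the original thread and not Microsoft's code: one way to apply the extension-attribute marker the question describes without hand-editing each group, using the ActiveDirectory PowerShell module. The OU path, the group names and the choice of `extensionAttribute15` are assumptions, and that attribute exists only where the Exchange schema extension is present.

```powershell
# Added example. Requires the ActiveDirectory module (RSAT).
Import-Module ActiveDirectory

# Assumptions (placeholders, replace with your own values):
$SearchBase = 'OU=Groups,DC=example,DC=com'          # hypothetical OU selected for sync
$AllowList  = @('SG-Cloud-Finance', 'SG-Cloud-HR')   # hypothetical groups that SHOULD sync
$Attribute  = 'extensionAttribute15'                 # attribute the sync filter rule tests
$Marker     = 'nosync'                               # value the sync filter rule excludes

# All security groups under the OU, with the marker attribute loaded.
$groups = Get-ADGroup -SearchBase $SearchBase -SearchScope Subtree `
    -Filter "GroupCategory -eq 'Security'" -Properties $Attribute

# Catch typos in the allow-list before anything is changed.
$missing = $AllowList | Where-Object { $groups.SamAccountName -notcontains $_ }
if ($missing) {
    throw "Allow-listed groups not found under ${SearchBase}: $($missing -join ', ')"
}

foreach ($g in $groups) {
    $current = $g.$Attribute

    if ($AllowList -contains $g.SamAccountName) {
        # Allowed group: make sure a stale marker does not block it.
        if ($current -eq $Marker) {
            Set-ADGroup -Identity $g -Clear $Attribute -WhatIf
        }
        continue
    }

    if ($current -eq $Marker) { continue }   # already tagged

    if ($current) {
        # Attribute is in use for something else: do not overwrite it.
        Write-Warning "$($g.SamAccountName): $Attribute already holds '$current', skipped"
        continue
    }

    Set-ADGroup -Identity $g -Replace @{ $Attribute = $Marker } -WhatIf
}
```

The `-WhatIf` switches make this a dry run; remove them once the printed changes look right. Groups created in the OU afterwards carry no marker, so they would sync until the script is run again.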

