Azure ADConnect - Exclude security groups sync from OU except specific security groups

Daniel Skaaning 1 Reputation point

I'm a newbie to ADConnect so bear with me.

We have used ADConnect for some time now for sync user from OU's without any issues.

Now we need to sync a couple of security groups from specific OU (we don't want them all sync to the Cloud), what would be the best solution for this?

When googling I see people using Filter rules to exclude object with specific extension attribute in AD ex. "nosync" but hopefully there would be an easier way then setting the attribute 1-15 in AD with "nosync" on all security groups, except the ones we want to sync and then select the OU to sync?

Thanks in advance,

Azure Active Directory
Azure Active Directory
An Azure enterprise identity service that provides single sign-on and multi-factor authentication.
12,702 questions
No comments
{count} votes

1 answer

Sort by: Most helpful
  1. Danny Zollner 5,986 Reputation points Microsoft Employee

    Is there some unifying trait to them - or can there be? Do they have a similar naming pattern or any other distinguishing attribute values? If so, the same documentation for setting up filtering rules can be used as a starting point to filter on other things as well.

    If you can identify some way for AAD Connect to tell which groups should be allowed through and which should be filtered, I can help clarify any points about the rule configuration you aren't clear on.