This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(128, 23%, 22%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ETR%3C/text%3E%3C/svg%3E)
I would like to sync multiple (but not all) AD groups from on premise to Azure AD. I would like to also sync the users included in these groups from on premise to Azure AD. I would then use the Azure AD groups to provide access to different applications.
How is it best to do this?
@Timothy Reese
I just wanted to check in and see if you had any other questions or if you were able to resolve this issue?
I was able to resolve the issue. I ended up using - Positive filtering: "only sync these" from this microsoft documentation - https://learn.microsoft.com/en-us/azure/active-directory/hybrid/how-to-connect-sync-configure-filtering.
Following this document, I was able to create sync rules to sync the groups and users I needed based on sAMAccountName attribute or any other custom attribute.
Syncing by groups alone is not supported in production however - only for a pilot test
So, sync your on-prem forest and filter out any OUs not needed in the sync and ensure the groups and users in those groups that you DO need are not in any OU you may be filtering out.
