Mar 15, 2023
Configuring Azure AD Connect filters – Implementing and Managing Identity Synchronization with Azure AD

If you need to exclude objects from Azure AD Connect’s synchronization scope, you can do so through a number of different methods:
• Domain and organizational unit-based filtering
• Group-based filtering
• Attribute-based filtering
Let’s quickly examine these.


Domain and organizational unit-based filtering
With this method, you can deselect large portions of your directory by modifying the list of domains or organizational units that are selected for synchronization. While there are several ways to do this, the easiest way is through the Azure AD Connect setup and configuration tool:

  1. To launch the Azure AD Connect configuration tool, double-click the Azure AD Connect icon on the desktop of the server where Azure AD Connect is installed. After it launches, click Configure.
  2. On the Additional tasks page, select Customize synchronization options and then click Next.

Figure 4.8 – The Additional tasks page

  3. On the Connect to Azure AD page, enter a credential that holds either the Global Administrator or the Hybrid Identity Administrator role and click Next. Prefer Hybrid Identity Administrator: it is the least-privileged role that can complete this task.
  4. On the Connect your directories page, click Next.
  5. On the Domain and OU filtering page, select the Sync selected domains and OUs radio button, and then select or clear domains and organizational units to include or exclude them from synchronization. Clearing a child OU beneath a selected parent excludes only that child.

Figure 4.9 – The Azure AD Connect Domain and OU filtering page

  6. Click Next.
  7. On the Optional features page, click Next.
  8. On the Ready to configure page, click Configure.

After synchronization completes, verify that only objects from in-scope organizational units or domains are present in Azure AD. Objects that fall out of scope are deleted from Azure AD on the next export; if more than 500 objects are affected, the export deletion threshold stops the export until you explicitly confirm the deletions.
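The following PowerShell is an added example, not code from the original page, that performs the verification described above. It models the wizard selections as an inclusion list plus an exclusion list of OU distinguished names and applies a "most specific OU wins" rule (an assumption about how a cleared child OU under a selected parent behaves). The OU names, the sample users and the contoso.com domain are constructed; the commented-out Microsoft Graph query shows how to feed it objects from a live tenant instead.

```powershell
# Added example (not from the page): after a Domain/OU-filtered sync, check that every
# synchronized user's on-premises DN sits under a selected OU and not under a cleared one.
# The OU lists, sample users and domain name below are constructed for illustration.

function Get-ContainerDn {
    # Drop the leading RDN (e.g. "CN=Alice") to get the parent container's DN.
    # Assumes the RDN contains no escaped commas.
    param([string]$DistinguishedName)
    return ($DistinguishedName -split ',', 2)[1]
}

function Test-SyncScope {
    param(
        [string]$DistinguishedName,
        [string[]]$IncludedOUs,
        [string[]]$ExcludedOUs
    )
    $container = Get-ContainerDn -DistinguishedName $DistinguishedName

    # Assumption: the most specific (longest) matching OU decides, which is how a cleared
    # child OU beneath a selected parent is interpreted here.
    $best = $null
    foreach ($ou in ($IncludedOUs + $ExcludedOUs)) {
        $match = ($container -eq $ou) -or
                 $container.EndsWith(",$ou", [System.StringComparison]::OrdinalIgnoreCase)
        if ($match -and ($null -eq $best -or $ou.Length -gt $best.Length)) { $best = $ou }
    }
    if ($null -eq $best) { return $false }          # not under any selected OU at all
    return ($IncludedOUs -contains $best)           # -contains is case-insensitive
}

# Constructed scope: sync everything under OU=Corp except Tier 0 and service accounts.
$includedOUs = @('OU=Corp,DC=contoso,DC=com')
$excludedOUs = @(
    'OU=Tier0,OU=Corp,DC=contoso,DC=com',
    'OU=ServiceAccounts,OU=Corp,DC=contoso,DC=com'
)

# Constructed sample shaped like Get-MgUser output (see the live query below).
$syncedUsers = @(
    [pscustomobject]@{ UserPrincipalName = 'alice@contoso.com'
                       OnPremisesDistinguishedName = 'CN=Alice,OU=Sales,OU=Corp,DC=contoso,DC=com' },
    [pscustomobject]@{ UserPrincipalName = 'da-bob@contoso.com'
                       OnPremisesDistinguishedName = 'CN=da-bob,OU=Tier0,OU=Corp,DC=contoso,DC=com' },
    [pscustomobject]@{ UserPrincipalName = 'svc-backup@contoso.com'
                       OnPremisesDistinguishedName = 'CN=svc-backup,OU=ServiceAccounts,OU=Corp,DC=contoso,DC=com' }
)

# To check a real tenant instead (requires the Microsoft.Graph module and User.Read.All):
# Connect-MgGraph -Scopes 'User.Read.All'
# $syncedUsers = Get-MgUser -All -Filter 'onPremisesSyncEnabled eq true' `
#                           -Property UserPrincipalName,OnPremisesDistinguishedName

$outOfScope = $syncedUsers | Where-Object {
    -not (Test-SyncScope -DistinguishedName $_.OnPremisesDistinguishedName `
                         -IncludedOUs $includedOUs -ExcludedOUs $excludedOUs)
}
$outOfScope | Select-Object UserPrincipalName, OnPremisesDistinguishedName | Format-Table -AutoSize
```

Any account the script lists is in Azure AD but under an OU you meant to keep on-premises. The two sample exclusions are deliberate: privileged (Tier 0) and service accounts are the objects you least want replicated to the cloud, so they are the first thing to check after changing the filter.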
Group-based filtering
Azure AD Connect only supports group-based filtering if you choose to customize the Azure AD Connect setup. It is not available if you perform an express installation.
If you have chosen a custom installation, you can limit the synchronization scope to a single group. On the Filter users and devices page of the configuration wizard, select the Synchronize selected radio button and then enter the name or distinguished name (DN) of a group that contains the users and devices to be synchronized.

Figure 4.10 – The Filter users and devices page
With group-based filtering, only direct members of the group are synchronized. Users, groups, contacts, or devices nested inside other groups are not resolved or synchronized.
Microsoft recommends group-based filtering for piloting purposes only.
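Because only direct members are synchronized, a pilot group that contains other groups silently leaves those groups' members out of Azure AD. The following PowerShell is an added example, not code from the original page, that lists such nested-only members so you can add them directly or fix your expectations. The group name, the sample member objects and the contoso.com domain are constructed; the commented-out Get-ADGroupMember calls show how to run it against a real domain.

```powershell
# Added example (not from the page): find objects that reach the group-based filtering
# group only through nested groups, since Azure AD Connect will not synchronize them.
# Group name, sample members and domain below are constructed for illustration.

function Get-NestedOnlyMembers {
    param(
        [object[]]$DirectMembers,     # shape of Get-ADGroupMember without -Recursive
        [object[]]$RecursiveMembers   # shape of Get-ADGroupMember -Recursive (flattened leaves)
    )
    $directDns = @($DirectMembers | ForEach-Object { $_.DistinguishedName })
    # Anything in the flattened list that is not itself a direct member arrived via nesting.
    return $RecursiveMembers | Where-Object {
        $_.objectClass -ne 'group' -and ($directDns -notcontains $_.DistinguishedName)
    }
}

$pilotGroup = 'AADC-Pilot-Sync'   # constructed name of the filtering group

# Constructed sample: Alice is a direct member; Bob is a member of HelpDesk,
# and HelpDesk is nested inside the pilot group.
$direct = @(
    [pscustomobject]@{ Name = 'Alice';    objectClass = 'user'
                       DistinguishedName = 'CN=Alice,OU=Sales,DC=contoso,DC=com' },
    [pscustomobject]@{ Name = 'HelpDesk'; objectClass = 'group'
                       DistinguishedName = 'CN=HelpDesk,OU=Groups,DC=contoso,DC=com' }
)
$recursive = @(
    [pscustomobject]@{ Name = 'Alice'; objectClass = 'user'
                       DistinguishedName = 'CN=Alice,OU=Sales,DC=contoso,DC=com' },
    [pscustomobject]@{ Name = 'Bob';   objectClass = 'user'
                       DistinguishedName = 'CN=Bob,OU=Support,DC=contoso,DC=com' }
)

# Against a real domain (requires the ActiveDirectory RSAT module; note that
# Get-ADGroupMember returns at most 5000 entries under the default ADWS limit):
# $direct    = Get-ADGroupMember -Identity $pilotGroup
# $recursive = Get-ADGroupMember -Identity $pilotGroup -Recursive

Get-NestedOnlyMembers -DirectMembers $direct -RecursiveMembers $recursive |
    Select-Object Name, objectClass, DistinguishedName | Format-Table -AutoSize
```

With the constructed sample, Bob is the only object reported: he is in scope by intent but will not appear in Azure AD until he is added to the pilot group directly. The same holds for devices and contacts, which is one reason the feature is suitable for a pilot but not for long-term scoping.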
