Active Directory Sync Tool – filters for user accounts
Today I published article how to make synchronization between Active Directory and Microsoft cloud Office 365. I also mentioned that you can filter which users you want to synchronize to cloud and which not. I also mentioned article where it’s described. I started to play with it, but it’s not as simple as I thought 🙂
They mention that you can filter on three conditions:
-
Based on OU location
- Domain based
- User attribute
I wanted to investigate third option – filter on User attribute. So I started to read article. First and most important is to mention that you set filter on users which you DO NOT want to synchronize. 🙂 So I decided to synchronize users which have their attribude “department” set to value “IT”. So I had to set filter out all users which don’t have this attribute set. 🙂
Another catch in article is about location of MIISAdmin tool. Article specifies some disk location, but it’s completely different. On my Windows Server 2012 it was installed in:
When I want to sync account which have department attribute set to “IT” I had to do following:
Open up miisclient.exe and click on Management Agents:
Right click on AD Connector (Agent) and Properties:
On left side you have to select Configure Connector Filter, then on right select user and select New…:
Now declare new condition, which means we don’t want users that have department attribute set to IT:
OK, OK. I set in domain only users User10-User19 to have value set. Now let’s force synchronization (IMHO it could be something more inteligent and nicer 🙂 ).
Let’s go to installation folder and run DirSyncConfigShell.psc1:
Now I have to run Start-OnlineCoexistenceSync:
You can check if everythin works fine in Application events and you should have success on the end:
And on cloud Office 365 I see just users I wanted to see:
Only thing I’m missing is to filter based on group membership.
Have a nice day,
Recent Comments