An Engineers Notebook

Filtering in DirSync

With DirSync for Office 365, you can specify what NOT to synchronize with a filter. This is useful in large environments as there may be hundereds of thousands of objects and that would not be suitable if only one portion of your organization actually used Office 365.

There are three filter types:
  • OU-Based Filtering
  • Domain Based Filtering
  • User-Attribute Based Filtering
You can have multiple filter rules in a single condition = OR (any)
or Multiple conditions in the same rule = AND (all).

This filtering is done on the server with Forefront ID Manager. 
You need to navigate to the following directory:
“C:Program FilesWindows Azure Active Directory SyncSYNCBUSSynchronization ServiceUIShell”
Here you will find miisclient.exe.
Open up Management Agents. You’ll see the Active Directory Connector. Double click this to open the connector.
Select “Configure Directory Partitions”.

If there were multiple domains, and we wanted to filter out an entire domain, we could do this here by unticking the checkbox of the domain we DONT want to sync. This is Domain Based Filtering.
Click the “Containers” button and you’ll be promted for the username and password for AD. Enter the credentials and the AD OU’s are then displayed with check boxes all ticked. 
Unticking these boxes will filter DirSync bu OU. This is OU Based Filtering

Next click on “Configure Connector Filter”. Select “User” and then click “New” to create out own User Based Filter.

If we want to create a User Based Filter to filter out a custom group of people, we can use an extensionAttribute to specify if a value is present that this object won’t be synchronized. So all we’d have to do it fill in “NoSync” as below, then populate this value for any users that we don’t want to be synchronized into their user attributes.

Leave a Reply

Your email address will not be published.