In this section, we'll use the standard filtering options to exclude users and groups from synchronization to the metaverse:
- Log in as domain administrator to your YD1ADS01.
- Open the Active Directory Users and Computers console (dsa.msc).
- Be sure that you are in the advanced features view:
Active Directory Users and Computers—Advanced Features option
- Choose one of your users and move to the Attribute Editor tab.
- Edit the adminDescription attribute and enter User_NoSync, where User_ is the important part:
adminDescription filtering option
- Save your settings and minimize the console.
- Open the Synchronization Rules Editor.
- Edit the rule In from AD - User Common.
- Click on Scoping filter.
- You'll see a Scoping filter with the following clause:
adminDescription NOTSTARTSWITH User_
The following screenshot shows the configuration to filter users to synchronize to Azure AD by filling the adminDescription attribute:
Rule configuration to filter specific users
- Click Cancel and minimize the synchronization rules editor.
- Open the Synchronization Service Manager.
- Click on Connectors and start a delta import on your Active Directory connector.
- You'll get an update in the sync statistics:
Delta import synchronization statistics
- Click on Updates.
- You'll notice an add on your modified user account:
adminDescription attribute flow
- Click on Preview.
- Choose Delta Synchronization.
- Click Generate Preview:
Synchronization preview options
- You'll see in the result that the Object Deletion Rule was satisfied:
Object deletion rule preview
- Click on Connector Deprovisioning:
Connector Deprovisioning preview
- The object will be disconnected.
- Click Close.
- Click Preview.
- Choose Delta synchronization.
- Click Commit Preview:
Preview commitment option
- Open a Metaverse Search:
Metaverse search option
- Click Search.
- Aaron Painter no longer exists in the Metaverse.
- Run an Export on the Azure AD connector:
Export run profile execution on Azure AD
- You'll get a delete in the sync statistics.
- Click Deletes:
Export Statistics on Azure AD
- Click on the object GUID:
Connector space validation
- Your user will be deleted from Azure AD.
- You'll see Awaiting Export Confirmation.
- Run delta import on the Azure AD connector.
- The object will be deleted in the connector space of the Azure AD connector:
Deletion of the object in the connector space
- Run delta sync on the Azure AD connector to finish the change.
- Open the connector space on the Azure AD connector. You won't find the preceding CN=:
Connector space search and validation options
With this option, you've seen that you can filter objects in a filter OU by filling the adminDescription attribute with User_NoSync. The same procedure can be used to filter groups with Group_NoSync, for example. Here, you can find the specific In from AD—Group Common inbound rule, which is shown in the following screenshot:
adminDescription usage for groups
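The tagging and validation steps above can also be scripted. The following PowerShell is an added example, not part of the original walkthrough. It also lists every user and group that the adminDescription prefixes currently exclude, which is worth reviewing regularly because whoever can write this attribute can take an object out of Azure AD. The account name apainter is hypothetical, and the ScopeFilter property names are assumed from the ADSync object model.

```powershell
# Added example. Steps 1-2 need the ActiveDirectory module (RSAT);
# steps 3-4 need the ADSync module and run on the Azure AD Connect server.
Import-Module ActiveDirectory

# Hypothetical sAMAccountName, used for illustration only.
$sam = 'apainter'

# 1. Tag the user. Only the User_ prefix matters to the scoping filter.
Set-ADUser -Identity $sam -Replace @{ adminDescription = 'User_NoSync' }

# 2. Audit: every user and group currently excluded by the two prefixes,
#    most recently changed first, so unexpected exclusions stand out.
$excluded = @(
    Get-ADUser  -LDAPFilter '(adminDescription=User_*)' `
                -Properties adminDescription, whenChanged
    Get-ADGroup -LDAPFilter '(adminDescription=Group_*)' `
                -Properties adminDescription, whenChanged
)
$excluded |
    Sort-Object whenChanged -Descending |
    Select-Object ObjectClass, SamAccountName, adminDescription, whenChanged |
    Format-Table -AutoSize

# 3. Show the scoping clauses of the two inbound rules named in this section.
#    Property names (ScopeFilter, ScopeConditionList) are an assumption about
#    the objects Get-ADSyncRule returns; adjust if your version differs.
Import-Module ADSync
$ruleNames = 'In from AD - User Common', 'In from AD - Group Common'
Get-ADSyncRule |
    Where-Object { $_.Name -in $ruleNames } |
    ForEach-Object {
        $rule = $_
        $rule.ScopeFilter.ScopeConditionList |
            Select-Object @{ n = 'Rule'; e = { $rule.Name } },
                          Attribute, ComparisonOperator, ComparisonValue
    }

# 4. Run one delta cycle (import, synchronization, export on all connectors)
#    instead of starting each run profile by hand.
Start-ADSyncSyncCycle -PolicyType Delta
```

Unlike the manual steps, the delta cycle commits the change without a preview, so run the audit in step 2 before step 4.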
In the next example, we'll build a custom rule.