Using standard filters to exclude users and groups

In this section, we'll use the standard filtering options to exclude users and groups from being synchronized to the metaverse:

  1. Log in to YD1ADS01 as a domain administrator.
  2. Open the Active Directory Users and Computers console (dsa.msc).
  3. Be sure that you are in the advanced features view:

Active Directory Users and Computers—Advanced Features option
  1. Choose one of your users and move to the Attribute Editor tab.
  2. Edit the adminDescription attribute and enter User_NoSync, where User_ is the important part:

adminDescription filtering option
  1. Save your settings and minimize the console.
  2. Open the Synchronization Rules Editor.
  3. Edit the rule In from AD - User Common.
  4. Click on Scoping filter.
  5. You'll see a Scoping filter with the following clause:
adminDescription NOTSTARTSWITH User_

The following screenshot shows the configuration to filter users to synchronize to Azure AD by filling the adminDescription attribute:

Rule configuration to filter specific users
  1. Click Cancel and minimize the Synchronization Rules Editor.
  2. Open the Synchronization Service Manager.
  3. Click on Connectors and start a delta import on your Active Directory connector.
  4. You'll get an update in the sync statistics:

Delta import synchronization statistics
  1. Click on Updates.
  2. You'll notice an add on your modified user account:

adminDescription attribute flow
  1. Click on Preview.
  2. Choose Delta Synchronization.
  3. Click Generate Preview:

Synchronization preview options
  1. You'll see in the result that the Object Deletion Rule was satisfied:
Object deletion rule preview
  1. Click on Connector Deprovisioning:

Connector Deprovisioning preview
  1. The object will be disconnected.
  2. Click Close.
  3. Click Preview.
  4. Choose Delta Synchronization.
  5. Click Commit Preview:

Preview commitment option
  1. Open a Metaverse Search:

Metaverse search option
  1. Click Search.
  2. Aaron Painter no longer exists in the Metaverse.
  3. Run an Export on the Azure AD connector:

Export run profile execution on Azure AD
  1. You'll get a delete in the sync statistics.
  2. Click Deletes:

Export Statistics on Azure AD
  1. Click on the object GUID:

Connector space validation
  1. Your user will be deleted from Azure AD.
  2. You'll see Awaiting Export Confirmation.
  3. Run delta import on the Azure AD connector.
  4. The object will be deleted in the connector space of the Azure AD connector:

Deletion of the object in the connector space
  1. Run delta sync on the Azure AD connector to finish the change.
  2. Open the connector space on the Azure AD connector. You won't find the preceding CN=:

Connector space search and validation options

With this option, you've seen that you can filter objects in a filter OU by setting the adminDescription attribute to User_NoSync. The same procedure can be used to filter groups with Group_NoSync, for example. The corresponding inbound rule is In from AD - Group Common, which is shown in the following screenshot:

adminDescription usage for groups
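
Because writing this one attribute removes an account from Azure AD, it is worth auditing which objects carry the marker and when it was set. The following is an added example, not code from the book: it assumes the ActiveDirectory RSAT module is installed and that YD1ADS01 is a domain controller, and the function name Get-SyncExcludedObject is hypothetical.

```powershell
# Added example: list the AD objects that the adminDescription scoping
# filters exclude from synchronization, with the time the marker was written.
Import-Module ActiveDirectory

function Get-SyncExcludedObject {
    param(
        # Assumption: the server named on this page is a domain controller.
        [string]$Server = 'YD1ADS01'
    )

    # Prefixes from this page: User_ (In from AD - User Common) and
    # Group_ (the Group_NoSync example for In from AD - Group Common).
    $markers = @{ user = 'User_'; group = 'Group_' }

    foreach ($class in $markers.Keys) {
        $prefix = $markers[$class]
        # objectCategory=person keeps computer accounts out of the user query.
        $filter = if ($class -eq 'user') {
            "(&(objectCategory=person)(objectClass=user)(adminDescription=$prefix*))"
        } else {
            "(&(objectClass=group)(adminDescription=$prefix*))"
        }

        Get-ADObject -Server $Server -LDAPFilter $filter -Properties adminDescription |
            ForEach-Object {
                # Replication metadata records when the attribute last changed.
                $metaArgs = @{
                    Object     = $_.DistinguishedName
                    Server     = $Server
                    Properties = 'adminDescription'
                }
                $meta = Get-ADReplicationAttributeMetadata @metaArgs
                [pscustomobject]@{
                    ObjectClass       = $class
                    Name              = $_.Name
                    DistinguishedName = $_.DistinguishedName
                    AdminDescription  = $_.adminDescription
                    MarkerSetAt       = $meta.LastOriginatingChangeTime
                    MarkerVersion     = $meta.Version
                }
            }
    }
}

# Most recently marked objects first.
Get-SyncExcludedObject | Sort-Object MarkerSetAt -Descending | Format-Table -AutoSize
```

An object that appears here without a matching change request is a candidate for review before the next export deletes it from Azure AD.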

In the next example, we'll build a custom rule.
