Forum Discussion
jessesan82
Jan 11, 2021 | Copper Contributor
MS Azure Active Directory Connect - synch selected group to synch all users and devices
I have a client with on-premises Exchange 2013. I set up Azure AD Connect to synch pws only (pw hash synchronization) for a selected group we created in local AD. This works well and everything synchs...
ibnmbodji
Jan 12, 2021 | Steel Contributor
Hi, you need to be aware of this:
Microsoft doesn't support modifying or operating Azure AD Connect sync outside of the actions that are formally documented. Any of these actions might result in an inconsistent or unsupported state of Azure AD Connect sync. As a result, Microsoft can't provide technical support for such deployments.
and that:
- Group-based: Filtering based on a single group can only be configured on initial installation by using the installation wizard.
It means you cannot repeat this process.
What you need to do is use so you can sync only regular users (it's not a good idea to sync privileged admins):
- Organizational unit (OU)–based: By using this option, you can select which OUs synchronize to Azure AD. This option is for all object types in selected OUs.
Reference: Azure AD Connect sync: Configure filtering | Microsoft Docs
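
A pre-check for the OU-based approach suggested in the reply above, added here as an example and not part of the original thread or of Microsoft's documentation: it lists accounts inside the OUs you plan to select that belong to built-in privileged groups or carry `adminCount = 1`. The OU distinguished names and the group list are assumptions to adjust, and the script requires the ActiveDirectory RSAT module and a reachable domain controller.

```powershell
# Added example: find privileged accounts inside OUs planned for OU-based sync filtering.
# Assumption: ActiveDirectory (RSAT) module is available on this machine.
Import-Module ActiveDirectory

# Constructed placeholders: replace with the OUs you intend to select for sync.
$SyncOUs = @(
    'OU=Staff,DC=example,DC=local',
    'OU=Contractors,DC=example,DC=local'
)

# Built-in privileged groups to check (assumed list; extend with your own admin groups).
$PrivilegedGroups = @('Domain Admins', 'Enterprise Admins', 'Schema Admins',
                      'Administrators', 'Account Operators', 'Backup Operators')

# Map each privileged user's DN to one group it was found in (nested membership included).
$privDn = @{}
foreach ($g in $PrivilegedGroups) {
    try {
        Get-ADGroupMember -Identity $g -Recursive -ErrorAction Stop |
            Where-Object { $_.objectClass -eq 'user' } |
            ForEach-Object { $privDn[$_.distinguishedName] = $g }
    } catch {
        # Enterprise/Schema Admins exist only in the forest root domain.
        Write-Warning "Could not enumerate '$g': $($_.Exception.Message)"
    }
}

# Flag users in the sync scope that are privileged now, or carry adminCount = 1
# (adminCount can remain set after removal from a protected group, so review those by hand).
$findings = foreach ($ou in $SyncOUs) {
    Get-ADUser -SearchBase $ou -SearchScope Subtree -Filter * -Properties adminCount |
        Where-Object { $privDn.ContainsKey($_.DistinguishedName) -or $_.adminCount -eq 1 } |
        ForEach-Object {
            [pscustomobject]@{
                SamAccountName  = $_.SamAccountName
                SyncOU          = $ou
                PrivilegedGroup = $privDn[$_.DistinguishedName]
                AdminCount      = $_.adminCount
            }
        }
}

if ($findings) {
    $findings | Sort-Object SyncOU, SamAccountName | Format-Table -AutoSize
} else {
    'No privileged accounts found in the selected OUs.'
}
```

Any account the script reports should be moved to an OU that is left unselected before the filter is applied.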