Azure AD Connect users filtering.

%3CLINGO-SUB%20id%3D%22lingo-sub-1430638%22%20slang%3D%22en-US%22%3EAzure%20AD%20Connect%20users%20filtering.%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1430638%22%20slang%3D%22en-US%22%3E%3CP%3EHello%20everyone!%3C%2FP%3E%3CP%3EWe%20have%20plans%20to%20make%20a%20syncronization%20between%20our%20corporate%20Active%20Directory%20and%20Azure%20with%20Azure%20AD%20Connect%20and%20we%20plan%20to%20use%20UPN%20for%20this.%20But%20what%20about%20a%20users%20filtering%3F%20As%20we%20found%20out%20most%20flixible%20way%20for%20filtering%20is%20based%20on%20AD%20users%20attributes.%20But%20what%20exactly%20AD%20account%20attrubute%20will%20be%20better%20to%20use%20for%20this%3F%20I%20found%20a%20list%20of%20existing%20attributes%20named%20msds-cloudextensionattribute(1-20)%20but%20can't%20find%20any%20examples%20over%20the%20internet%20where%20someone%20used%20it%20exactly%20for%20the%20syncronization.%20Can%20you%20give%20an%20example%20what%20account%20attribute%20you%20use%2C%20or%20give%20an%20advice%20what%20we%20shuold%20(or%20should%20not)%20use%20for%20the%20task%3F%3C%2FP%3E%3CP%3EThank%20you!%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-LABS%20id%3D%22lingo-labs-1430638%22%20slang%3D%22en-US%22%3E%3CLINGO-LABEL%3Ead%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3EAzure%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3EFilter%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3EUsers%3C%2FLINGO-LABEL%3E%3C%2FLINGO-LABS%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1440685%22%20slang%3D%22en-US%22%3ERe%3A%20Azure%20AD%20Connect%20users%20filtering.%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1440685%22%20slang%3D%22en-US%22%3EWithout%20visibility%20of%20your%20AD%2C%20only%20you%20will%20know%20which%20attributes%20are%20more%20suited%20for%20use.%20For%20example%2C%20you%20might%20only%20have%205%20departments%20and%20only%20those%20accounts%20need%20to%20be%20synchronised%20so%20the%20department%20attribute%20would%20be%20a%20good%20fit.%3CBR%20%2F%3E%3CBR%20%2F%3EPlus%2C%20you'll%20need%20to%20decide%20if%20Positive%20or%20Negative%20filtering%20works%20best%2C%20i.e.%20sync%20only%20these%20or%20sync%20everything%20but%20these.%3C%2FLINGO-BODY%3E
Highlighted
Contributor

Hello everyone!

We have plans to make a syncronization between our corporate Active Directory and Azure with Azure AD Connect and we plan to use UPN for this. But what about a users filtering? As we found out most flixible way for filtering is based on AD users attributes. But what exactly AD account attrubute will be better to use for this? I found a list of existing attributes named msds-cloudextensionattribute(1-20) but can't find any examples over the internet where someone used it exactly for the syncronization. Can you give an example what account attribute you use, or give an advice what we shuold (or should not) use for the task?

Thank you!

1 Reply
Highlighted
Without visibility of your AD, only you will know which attributes are more suited for use. For example, you might only have 5 departments and only those accounts need to be synchronised so the department attribute would be a good fit.

Plus, you'll need to decide if Positive or Negative filtering works best, i.e. sync only these or sync everything but these.