I have a client with on-premises Exchange 2013. I set up Azure AD Connect to sync passwords only (password hash synchronization) for a selected group we created in local AD. This works well and everything syncs with no problem. Now we want to start syncing all our users and not just that group. Has anyone done this? Are there any things to look out for?
Microsoft doesn't support modifying or operating Azure AD Connect sync outside of the actions that are formally documented. Any of these actions might result in an inconsistent or unsupported state of Azure AD Connect sync. As a result, Microsoft can't provide technical support for such deployments.
and that:
Group-based: Filtering based on a single group can only be configured on initial installation by using the installation wizard.
It means you cannot repeat this process.
What you need to do is use the following, so you can sync only regular users (it's not a good idea to sync privileged admins):
Organizational unit (OU)–based: By using this option, you can select which OUs synchronize to Azure AD. This option is for all object types in selected OUs.
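Since OU-based filtering syncs every object in the selected OUs, it is worth auditing that OU for privileged accounts before enabling it. The script below is an added example, not part of the original answer or of Azure AD Connect itself; it assumes the ActiveDirectory RSAT module is available, and the OU path and group list are placeholders to adjust for your environment.

```powershell
# Added example: audit an OU for privileged accounts before selecting it for
# Azure AD Connect OU-based filtering, so those accounts can be moved out or
# excluded rather than synced to Azure AD.
Import-Module ActiveDirectory

# Placeholder: the OU you intend to select in the Azure AD Connect wizard.
$SyncOU = 'OU=SyncUsers,DC=example,DC=com'

# Built-in privileged groups whose members should not be synced (adjust as needed).
$PrivilegedGroups = 'Domain Admins', 'Enterprise Admins', 'Schema Admins',
                    'Administrators', 'Account Operators'

# Resolve each privileged group's members (recursively) into a DN -> group lookup.
$PrivilegedDNs = @{}
foreach ($g in $PrivilegedGroups) {
    try {
        Get-ADGroupMember -Identity $g -Recursive -ErrorAction Stop |
            ForEach-Object { $PrivilegedDNs[$_.distinguishedName] = $g }
    } catch {
        Write-Warning "Could not resolve group '$g': $_"
    }
}

# Enumerate enabled users under the OU and flag those that are privileged,
# either by group membership or by adminCount=1 (set by AdminSDHolder).
$Findings = Get-ADUser -SearchBase $SyncOU -SearchScope Subtree `
                       -Filter 'Enabled -eq $true' -Properties adminCount |
    ForEach-Object {
        $reason = @()
        if ($PrivilegedDNs.ContainsKey($_.DistinguishedName)) {
            $reason += "member of $($PrivilegedDNs[$_.DistinguishedName])"
        }
        if ($_.adminCount -eq 1) { $reason += 'adminCount=1' }
        if ($reason.Count -gt 0) {
            [pscustomobject]@{
                SamAccountName    = $_.SamAccountName
                DistinguishedName = $_.DistinguishedName
                Reason            = ($reason -join '; ')
            }
        }
    }

if ($Findings) {
    Write-Host "Privileged accounts under $SyncOU - move or exclude these before enabling OU-based sync:"
    $Findings | Format-Table -AutoSize
} else {
    Write-Host "No privileged accounts found under $SyncOU."
}
```

Run it as an account that can read group membership in the domain; anything it lists should be relocated out of the OU (or the filtering scope narrowed) before the OU is selected in the wizard.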