MS Azure Active directory connect - synch selected group to synch all users and devices

jessesan82 · ‎Jan 11 2021

I have a client with on premise exchange 2013. I set up azure ad connect to synch pws only (pw hash synchronization) for a selected group we created in local AD. This works good and everything synchs no problem. Now we want to start synching all our users and not just that group. Has anyone done this? Are there any things to look out for?

ibnmbodji · ‎Jan 12 2021

@jessesan82

Hi you need to be aware of this :

Microsoft doesn't support modifying or operating Azure AD Connect sync outside of the actions that are formally documented. Any of these actions might result in an inconsistent or unsupported state of Azure AD Connect sync. As a result, Microsoft can't provide technical support for such deployments.

and that :

Group-based: Filtering based on a single group can only be configured on initial installation by using the installation wizard.

It means you cannot repeat this process .

What you need to do is use so you can sync only regular users (it's not a good idea to sync priviledged admins) :

Organizational unit (OU)–based: By using this option, you can select which OUs synchronize to Azure AD. This option is for all object types in selected OUs.

Reference : Azure AD Connect sync: Configure filtering | Microsoft Docs

Products (50)

Special Topics (27)

Video Hub (462)

Most Active Hubs

Most Active Hubs

Video Hub

MS Azure Active directory connect - synch selected group to synch all users and devices

MS Azure Active directory connect - synch selected group to synch all users and devices

Re: MS Azure Active directory connect - synch selected group to synch all users and devices