Sep 27 2021
- last edited on
Feb 10 2023
I would like to create an attribute-based filter. The goal is to only synchronize users with a proxyaddresses ending with @mytestdomain.com, @myothertestdomain.com and @mydomain.onmicrosoft.com.
However, after reviewing the documentation from the link below, I am left with more questions.
I was thinking about implementing a "positive filter"
The section for "positive filter" states that we must, "override the default filter in the out-of-box rule In from AD - User Join"
After examining the default rule "In from AD - User Join" that rule has a link type set to Provision.
However, the example states to set the link type to join. That default rule appears to filter out critical system objects and a few other accounts so I want to make sure I don't mess things up.
I'm not sure if I should just leave this rule in place and create rules with a lower precedence, duplicate, disable the original rule, follow the instructions and change the link type, or do something else completely.
Seems like it might be something fairly common to do, filter based on the proxyaddresses attribute but I can seem to find much on this topic.
Anyone have any ideas?
Oct 07 2021 10:40 PM
You should be able to add them in on user join rule.
You don't need to add the tenant suffix to the filter.
Hope this helps,
Oct 19 2021 10:56 AM
I tried this, however, it doesn't appear to filter correctly.
Doing this appears to remove all accounts.
Oct 19 2021 09:59 PM
Hi again @notmynamehere,
You have to create two SEPERATE rules for those two different suffixes. And you can add even more rules if needed.
My apologies if I didn't explain myself enough.
Hopefully this helps,