Aug 22 2017 - last edited on Feb 10 2023
I have one question. I have a local domain and a custom domain. When I set up Azure AD Connect and Office 365, I synced with OU filtering on an OU that has users with .local and .com in the same OU. My .com domain is synced correctly, but the .local domain is synced to .onmicrosoft.com.
My question: can I prevent .local from syncing to Office 365? I have a thousand users who have used .local, and I cannot change all users to the .com domain. I don't want .onmicrosoft to show in the portal, and I need Azure AD Connect to sync automatically when I change the UPN suffix from .local to .com. I know about attribute filtering, but I don't know which attribute I should select.
Aug 22 2017 11:27 AM
That's really up to you. The .local value can be present in multiple attributes, so you need to decide which one to filter on. A simple solution is to populate one of the custom/extensionattributes for the users you want to filter and configure a rule as shown here: https://docs.microsoft.com/en-us/azure/active-directory/connect/active-directory-aadconnectsync-conf...
Or you can create a more complex rule that directly checks the value of, say, the proxyAddresses attribute, following the instructions here: https://docs.microsoft.com/en-us/azure/active-directory/connect/active-directory-aadconnectsync-chan...
Jan 19 2018 03:54 AM
In the Azure Sync rules editor create a new Inbound rule with the below settings. Users with the @fabri.local UPN will not be synced to Office 365.
Connected system object type: user
Metaverse Object type: person
Link Type: join
Scope filter: userPrincipalName, ENDSWITH, @fabri.local
Transformation: Constant, cloudFiltered, True
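
A read-only preview of which accounts the scope filter in the reply above would match, as an added example that is not part of the original thread. It assumes the ActiveDirectory PowerShell module is available; the OU path and the CSV file name are placeholders, and the case-insensitive comparison is a choice of this preview, not a statement about how the sync engine compares.

```powershell
# Added example: list the AD users whose UPN ends with the filtered suffix,
# so the effect of the sync rule can be reviewed before it is saved.
Import-Module ActiveDirectory

$Suffix     = '@fabri.local'                 # suffix used in the scope filter above
$SearchBase = 'OU=Users,DC=fabri,DC=local'   # placeholder: the OU selected in OU filtering
$ReportPath = '.\upn-filter-preview.csv'     # placeholder output file

# Every user in the synced OU that has a UPN set
$users = @(Get-ADUser -SearchBase $SearchBase -Filter "UserPrincipalName -like '*'")

# Breakdown by UPN suffix: shows how many accounts sit on each suffix
$users |
    Group-Object { '@' + ($_.UserPrincipalName -split '@')[-1].ToLower() } |
    Sort-Object Count -Descending |
    Format-Table Name, Count -AutoSize

# Accounts the rule would mark cloudFiltered = True
# (case-insensitive here so the preview over-reports rather than under-reports)
$filtered = @($users | Where-Object {
    $_.UserPrincipalName.EndsWith($Suffix, [StringComparison]::OrdinalIgnoreCase)
})

# Accounts that stay in scope and keep syncing
$inScope = @($users | Where-Object { $filtered -notcontains $_ })

'{0} of {1} users match {2} and would be filtered; {3} stay in scope.' -f `
    $filtered.Count, $users.Count, $Suffix, $inScope.Count

# Keep a record of the filtered accounts for review
$filtered |
    Select-Object SamAccountName, UserPrincipalName, Enabled, DistinguishedName |
    Export-Csv -Path $ReportPath -NoTypeInformation

# After the rule is saved, a full cycle applies it to existing objects.
# Run on the Azure AD Connect server (ADSync module); left commented out
# so this script stays read-only.
# Start-ADSyncSyncCycle -PolicyType Initial
```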