Attribute Filter for local domain in AzureADConnect

Dear All,

I have one question. I have a local domain and a custom domain. When I set up Azure AD Connect and Office 365, I synced with OU filtering, and the OU has users with both .local and .com. My .com domain is synced correctly, but the .local domain is synced to .onmicrosoft.com.

My question: can I prevent .local from syncing to Office 365? I have thousands of users who use .local, and I cannot change all users to the .com domain. I don't want .onmicrosoft to show in the portal, and I need Azure AD Connect to sync automatically when I change the UPN suffix from .local to .com. I know about attribute filtering, but I don't know which attribute I should select.

Thank you

2 Replies

That's really up to you. The .local value can be present in multiple attributes, so you need to decide which one to filter on. A simple solution is to populate one of the custom/extensionattributes for the users you want to filter and configure a rule as shown here: https://docs.microsoft.com/en-us/azure/active-directory/connect/active-directory-aadconnectsync-conf...

Or you can create a more complex rule that directly checks the value of, say, the proxyAddresses attribute, following the instructions here: https://docs.microsoft.com/en-us/azure/active-directory/connect/active-directory-aadconnectsync-chan...

In the Azure Sync Rules Editor, create a new Inbound rule with the settings below. Users with the @fabri.local UPN will not be synced to Office 365.

Connected system object type: user

Metaverse Object type: person

Link Type: join

Scope filter: userPrincipalName, ENDSWITH, @fabri.local

Transformation: Constant, cloudFiltered, True
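
An added example, not part of the replies above: a read-only PowerShell dry run that shows which accounts the scope filter `userPrincipalName ENDSWITH @fabri.local` would mark as filtered, so the result can be reviewed before the rule is created. The function name, the sample accounts and the OU path are assumptions made for illustration, as is the case-insensitive comparison.

```powershell
# Added example: dry run of the scope filter "userPrincipalName ENDSWITH @fabri.local".
# It only reads objects and reports; it changes nothing in AD or Azure AD Connect.
function Get-CloudFilterPreview {   # hypothetical helper name
    [CmdletBinding()]
    param(
        [Parameter(Mandatory, ValueFromPipeline)]
        [psobject] $User,
        [string] $Suffix = '@fabri.local'   # suffix used in the rule from the reply
    )
    process {
        # Accounts with no UPN become an empty string and never match the filter.
        $upn = [string] $User.UserPrincipalName
        # Assumption: the comparison is case-insensitive; confirm with the sync engine's preview.
        $match = $upn.EndsWith($Suffix, [System.StringComparison]::OrdinalIgnoreCase)
        [pscustomobject]@{
            SamAccountName    = $User.SamAccountName
            UserPrincipalName = $upn
            WouldBeFiltered   = $match
        }
    }
}

# Constructed sample accounts (not real data) covering the edge cases.
$sample = @(
    [pscustomobject]@{ SamAccountName = 'alice'; UserPrincipalName = 'alice@fabri.local' }
    [pscustomobject]@{ SamAccountName = 'bob';   UserPrincipalName = 'bob@fabri.com' }
    [pscustomobject]@{ SamAccountName = 'carol'; UserPrincipalName = 'Carol@FABRI.LOCAL' }
    # A child-domain suffix does not end with "@fabri.local", so this account still syncs.
    [pscustomobject]@{ SamAccountName = 'dave';  UserPrincipalName = 'dave@corp.fabri.local' }
    # No UPN at all: not matched by the filter either.
    [pscustomobject]@{ SamAccountName = 'svc';   UserPrincipalName = $null }
)

$preview = $sample | Get-CloudFilterPreview
$preview | Format-Table -AutoSize

# Summary: how many accounts would and would not be filtered.
$preview | Group-Object WouldBeFiltered | Select-Object Name, Count

# Against a live directory (needs the ActiveDirectory module; the OU path is a placeholder):
# Get-ADUser -Filter * -SearchBase 'OU=<your-OU>,DC=fabri,DC=local' | Get-CloudFilterPreview
```

Accounts reported with `WouldBeFiltered = False` and a non-.com UPN are the ones to look at before enabling the rule, since they would still be exported.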