Shulou(Shulou.com)06/03 Report--

In the previous article, we have finished installing AAD Connect, and in this article we will set up property filtering.

Generally speaking, we can just use the default configuration, and AAD Connect will synchronize all objects in all domains in the configured forest to Azure AD. This allows users using Office 365 such as Exchange Online and Skype for Business to use the complete global address list. With the default configuration, the user will get the same experience as a native implementation using Exchange or Lync.

If we use filtering, we can control which objects in the local directory should appear in Azure Active Directory (Azure AD).

In the following types, we need to set up property filtering:

Plan to use multiple Azure AD directory topologies. Then, you need to apply a filter to control which objects are synchronized to a specific Azure AD directory. You want to try Azure or Office 365, so you only want to create a small number of users in Azure AD. In small-scale trials, you do not need to use a complete global address list to demonstrate functionality. There are many unwanted service accounts and other non-personal accounts in Azure AD. For compliance reasons, you cannot delete any local user accounts, you can only disable them. However, in Azure AD, you only want active accounts to exist.

We need to disable scheduled tasks before filtering.

How do I disable scheduled tasks?

The default AAD Connect triggers the built-in scheduler for the synchronization cycle every 30 minutes, as follows:

Go to the PowerShell prompt.

Run Get-ADSyncScheduler to view the status of the current scheduled task

Run Set-ADSyncScheduler-SyncCycleEnabled $False to disable the scheduler.

Then we open the Syncchronization Rules Editor.

Click In from AD-User Join,Edit

Choose No

Click "Add clause", select "Attribute" as "extensionAttribute1", "Operator" unchanged, and "Value" enter "Sync"

Change "Join rules", change "Source attribute" to "mail", change "Target attribute" to "mailNickname", and save

Now that our property filtering rules are set, let's set the properties of the users who need to be synchronized.

Because my AD domain name is different from the Azure AD domain, I need to modify the UPN suffix for the user

Then add a "extensionAttribute1" attribute with the value "Sync"

Run the following command after filtering and property value changes are complete.

Run Set-ADSyncScheduler-SyncCycleEnabled $True to enable the scheduler again

Then we can wait 30 minutes for the program to synchronize automatically, or we can synchronize manually.

Enter Start-ADSyncSyncCycle Initial to force full synchronization

Enter Start-ADSyncSyncCycle delta to force incremental synchronization

This completes the property filtering, and in the next article we'll start configuring the Exchange hybrid deployment.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.