Home > Active Directory, Microsoft, Windows > Active Directory Sync Tool – filters for user accounts

Active Directory Sync Tool – filters for user accounts

Today I published article how to make synchronization between Active Directory and Microsoft cloud Office 365. I also mentioned that you can filter which users you want to synchronize to cloud and which not. I also mentioned article where it’s described. I started to play with it, but it’s not as simple as I thought 🙂

They mention that you can filter on three conditions:

  • Based on OU location
  • Domain based
  • User attribute

I wanted to investigate third option – filter on User attribute. So I started to read article. First and most important is to mention that you set filter on users which you DO NOT want to synchronize. 🙂 So I decided to synchronize users which have their attribude “department” set to value “IT”. So I had to set filter out all users which don’t have this attribute set. 🙂

Another catch in article is about location of MIISAdmin tool. Article specifies some disk location, but it’s completely different. On my Windows Server 2012 it was installed in:

 

Installation directory

 

When I want to sync account which have department attribute set to “IT” I had to do following:

Open up miisclient.exe and click on Management Agents:

 

Management Agents

 

Right click on AD Connector (Agent) and Properties:

 

Properties

 

On left side you have to select Configure Connector Filter, then on right select user and select New…:

 

Sycn filter

 

Now declare new condition, which means we don’t want users that have department attribute set to IT:

 

Define filter

 

OK, OK. I set in domain only users User10-User19 to have value set. Now let’s force synchronization (IMHO it could be something more inteligent and nicer 🙂 ).

Let’s go to installation folder and run DirSyncConfigShell.psc1:

 

Running force sync

 

Now I have to run Start-OnlineCoexistenceSync:

 

Start-OnlineCoexistenceSync

 

You can check if everythin works fine in Application events and you should have success on the end:

 

Synchronization successed

 

And on cloud Office 365 I see just users I wanted to see:

 

Filtered users

 

Only thing I’m missing is to filter based on group membership.

Have a nice day,

 

  1. Chris
    October 16th, 2014 at 11:25 | #1

    Hi,

    Nice article, but like your last comment I too am interested in filtering based on group membership.

    Did you happen to get anywhere with this? what about using the memberof attribute?

    It seems like the obvious choice (certainly in our business) for a filter.

    Thanks
    Chris

  2. October 16th, 2014 at 11:51 | #2

    Helo
    Thank you for a comment. I haven’t tried attribute memeberOf. Have you? 🙂

  1. No trackbacks yet.