Configure Azure AD Connect for Specific User Synchronization (Microsoft Exam AZ-303)

Question

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.

After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

You manage an Active Directory domain named contoso.local.

You install Azure AD Connect and connect to an Azure Active Directory (Azure AD) tenant named contoso.com without syncing any accounts.

You need to ensure that only users who have a UPN suffix of contoso.com in the contoso.local domain sync to Azure AD.

Solution: You use Synchronization Rules Editor to create a synchronization rule.

Does this meet the goal?

Answers

A. Yes
B. No

Correct answer: A

Explanation

Filtering which objects are synced to Azure AD is a common request, and there are many cases where filtering by OU is not enough. One option is to filter users by their UPN suffix so that only users whose UPN suffix is the public FQDN are synced to Azure AD (e.g., john.doe@acme.com would be synced while jane.doe@internal.acme.com would not).

Filtering can be configured using either the GUI or PowerShell.

Through the GUI, using the Synchronization Rules Editor:

1. Open the Synchronization Rules Editor on the server where Azure AD Connect is installed.

2. Click the Add new rule button on the View and manage your synchronization rules window.

3. Fill out the appropriate fields on the Description tab and click Next >.

4. On the Scoping filter tab, click Add group, then Add clause, add a userPrincipalName attribute filter, and click Next >.

Attribute: userPrincipalName

Operator: ENDSWITH

Value: your internal UPN suffix prefixed with @ (e.g., @internal.acme.com). Users with this UPN suffix will NOT be synced with Office 365.

Source: https://www.sidekicktech.com/blog/field-notes/2019/upn-suffix-filtering-ad-connect/

The provided solution of using Synchronization Rules Editor to create a synchronization rule does meet the stated goal of syncing only users who have a UPN suffix of contoso.com in the contoso.local domain to Azure AD.

Synchronization Rules Editor is a tool used to customize synchronization rules for Azure AD Connect. The solution involves creating a custom synchronization rule that specifies the criteria for users who will be synchronized from the on-premises Active Directory to the Azure AD tenant.

To accomplish the goal of syncing only users with a UPN suffix of contoso.com in the contoso.local domain, the following steps can be taken:

  1. Open the Synchronization Rules Editor on the server where Azure AD Connect is installed.
  2. Create a new inbound synchronization rule.
  3. Specify the criteria that select users by UPN suffix with a scoping filter on userPrincipalName. Write the suffix with its leading @ (e.g., "userPrincipalName ENDSWITH @contoso.com"), as in the example above; without the @, a suffix test on "contoso.com" would also match look-alike suffixes such as internal.contoso.com.
  4. Run a full import and synchronization cycle so that the new rule is applied to every object.

Once the custom synchronization rule has been created, only users with a UPN suffix of contoso.com in the contoso.local domain will be synchronized to the Azure AD tenant, which meets the stated goal.

Therefore, the answer is A. Yes.
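As an added illustration (not code from this page or from the blog it cites), the following Python script models how an inbound rule's scoping filter selects users on constructed sample UPNs from contoso.local. It assumes the real rule flows cloudFiltered = True for the objects its scoping filter matches (the standard attribute-based filtering technique), that ENDSWITH and NOTENDSWITH are among the available operators, and that UPN comparison is case-insensitive; it shows why the suffix value needs the leading @ and why an exclusion rule that names only one internal suffix does not by itself guarantee that only @contoso.com users sync.

```python
"""Model of an Azure AD Connect scoping filter on userPrincipalName (constructed sample)."""
from dataclasses import dataclass


@dataclass(frozen=True)
class Clause:
    attribute: str
    operator: str  # only ENDSWITH / NOTENDSWITH are modelled here (assumption: subset of the real list)
    value: str


def clause_matches(user: dict, clause: Clause) -> bool:
    # Assumption: UPNs compare case-insensitively, as they do in Active Directory.
    attr = (user.get(clause.attribute) or "").lower()
    val = clause.value.lower()
    if clause.operator == "ENDSWITH":
        return attr.endswith(val)
    if clause.operator == "NOTENDSWITH":
        return not attr.endswith(val)
    raise ValueError(f"unsupported operator {clause.operator}")


def in_scope(user: dict, group: list) -> bool:
    """Clauses inside one scoping-filter group are ANDed together."""
    return all(clause_matches(user, c) for c in group)


def synced_upns(users: list, exclusion_group: list) -> list:
    """Users matched by a rule that sets cloudFiltered=True stay out of Azure AD; the rest sync."""
    kept = [u["userPrincipalName"] for u in users if not in_scope(u, exclusion_group)]
    return sorted(kept, key=str.lower)


# Constructed sample accounts; only the two @contoso.com users should reach Azure AD.
USERS = [
    {"userPrincipalName": "alice@contoso.com"},
    {"userPrincipalName": "Bob@CONTOSO.COM"},
    {"userPrincipalName": "carol@contoso.local"},
    {"userPrincipalName": "dave@internal.contoso.com"},
    {"userPrincipalName": "erin@notcontoso.com"},
]

# Goal-fitting rule: everything that does NOT end with "@contoso.com" is marked cloudFiltered.
CORRECT = [Clause("userPrincipalName", "NOTENDSWITH", "@contoso.com")]
# Same rule without the leading "@": sub-suffixes and look-alike domains slip through.
NO_AT = [Clause("userPrincipalName", "NOTENDSWITH", "contoso.com")]
# Exclusion rule naming a single internal suffix: only that suffix is kept out.
ONE_SUFFIX = [Clause("userPrincipalName", "ENDSWITH", "@contoso.local")]

if __name__ == "__main__":
    for name, rule in [("correct", CORRECT), ("no_at", NO_AT), ("one_suffix", ONE_SUFFIX)]:
        print(f"{name}: {synced_upns(USERS, rule)}")
```

Running it prints the synced set for each variant; only the first variant yields exactly the two @contoso.com accounts.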