


In Azure AD Connect, after installation, admins can exclude certain objects (users, OUs, attributes, groups, etc.) from synchronization. This is typically done during or after setup to control which parts of your on-premises Active Directory are synced to Azure AD.

1. Unchecking Organizational Units (OUs)

During setup or in Azure AD Connect > Synchronization Rules Editor / Configuration Wizard, admins can select specific OUs to sync.

👉 If they uncheck an OU, it means:

  • Objects inside that OU (users, groups, etc.) will not be synced to Azure AD.

  • Useful for:

    • Excluding service accounts, test users, or sensitive data.

    • Managing sync scope for performance or security reasons.

📌 Where to find it:
Azure AD Connect > Customize synchronization options > Domain and OU filtering


2. Attribute Filtering (Advanced)

Admins can also exclude attributes from syncing using custom sync rules.

For example:

  • You may want to prevent syncing attributes like employeeID or extensionAttributeX.

  • This requires editing synchronization rules in the Synchronization Rules Editor.


3. Group Filtering (less common)

With group-based filtering, only objects that are members of a specific AD group are synced.

  • Rarely used, but possible via PowerShell or advanced configuration.


🔧 What Happens After Exclusion?

  • The next sync cycle will remove those excluded users from Azure AD (if they were previously synced).

  • You can trigger a delta sync to apply changes faster:

         Start-ADSyncSyncCycle -PolicyType Delta
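
Because the next cycle deletes the excluded objects from Azure AD, it helps to size that deletion before triggering it. The following is an added example, not part of the original post: the function name Test-OuExclusionImpact and the OU distinguished name are hypothetical, the threshold of 500 is the Azure AD Connect default for accidental-delete prevention, and it assumes the ActiveDirectory and ADSync modules are available on the Azure AD Connect server.

```powershell
# Added example: estimate what an OU exclusion will remove, then sync.
# Run on the Azure AD Connect server with the RSAT ActiveDirectory module.
Import-Module ActiveDirectory, ADSync

function Test-OuExclusionImpact {
    param(
        [Parameter(Mandatory)] [string] $ExcludedOuDn,
        # Default export deletion threshold is 500 objects; the configured
        # value can be read with Get-ADSyncExportDeletionThreshold.
        [int] $DeletionThreshold = 500
    )

    # Everything below the OU leaves sync scope, so count the whole subtree.
    # This is an estimate: it covers users and groups only, and assumes
    # they were all previously synced.
    $users  = @(Get-ADUser  -Filter * -SearchBase $ExcludedOuDn -SearchScope Subtree)
    $groups = @(Get-ADGroup -Filter * -SearchBase $ExcludedOuDn -SearchScope Subtree)
    $total  = $users.Count + $groups.Count

    $sched = Get-ADSyncScheduler

    [pscustomobject]@{
        ExcludedOu       = $ExcludedOuDn
        Users            = $users.Count
        EnabledUsers     = @($users | Where-Object Enabled).Count
        Groups           = $groups.Count
        PendingDeletions = $total
        # Exports that exceed the threshold are blocked by the sync engine.
        OverThreshold    = $total -gt $DeletionThreshold
        StagingMode      = $sched.StagingModeEnabled
        SyncInProgress   = $sched.SyncCycleInProgress
    }
}

# Constructed placeholder DN; replace with the OU that was unchecked.
$impact = Test-OuExclusionImpact -ExcludedOuDn 'OU=ServiceAccounts,DC=corp,DC=example,DC=com'
$impact | Format-List

if ($impact.OverThreshold) {
    Write-Warning "Estimated deletions exceed the threshold; review before syncing."
} elseif ($impact.SyncInProgress) {
    Write-Warning "A sync cycle is already running; try again when it finishes."
} else {
    Start-ADSyncSyncCycle -PolicyType Delta
}
```

If StagingMode is True, the server does not export, so the removal only takes effect from the active Azure AD Connect server.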

🧠 Why This Matters for Infrastructure Engineers:

Being able to scope and control sync protects:

  • Tenant hygiene (avoid clutter)

  • Security (keep internal-only objects private)

  • Licensing (avoid auto-assigning licenses to unnecessary accounts)
