AADConnect: User Writeback: Filtering user objects from the cloud


I recently installed the Preview #2 of Azure Active Directory Connect (AADConnect) in on my testlab with user write-back feature enabled.

Sadly there is currently no possibility to filtering objects that are created in the cloud, so they get not provisioned to the on-premise directory.

I already provided that as a feedback to connect and I assume there will be some filtering OOB in future/final release.

As a workaround you can do the following to modify the sync rules on your own:

Start Sync Rule Editor and locate the rule named “In from AAD – User Join SOAInAAD

AADUserFilter1

Click “Edit” to modify that synchronization rule.

Go to the Scoping filter tab and click “Add Clause” and enter the following clause:

Attribute: userPrincipalName
Operator: NOTCONTAINS
Value: .onmicrosoft.com

AADUserFilter2

For testing you can pick a user with a default domain in UPN from the connector space and do a preview “Full Sync” on it. As you can see the object will not be projected into MV and therefore not provisioned to on-premise AD. Currently connected objects will be disconnected and deprovisioned from AD.

AADUserFilter3

Advertisements

About Peter Stapf
Senior Consultant Identity and Access MVP (Enterprise Mobility)

3 Responses to AADConnect: User Writeback: Filtering user objects from the cloud

  1. erik williams says:

    Our company started out last year on O365. We now have a server and downloaded AADConnect to implement user writeback. I do not see that feature anymore. Was it pulled or do I not have the proper Azure License. Currently AAD Premium via O365 $6/month

    • Peter Stapf says:

      Hello,
      yes user writeback will be a AAD Premium feature but remember it is still in preview.
      So you might have some issues implementing that in production.
      On my latest tests I have issues with password sync if user writeback was enabled.

  2. Peter Stapf says:

    I see some notes in the Azure AD technet forum that this feature was removed from the current build. I saw that also im my last deployment with the lastest version.

    Maybe this feature will get back into AADC when this feature ist GA

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: