An organization plans to migrate to Office 365. You use Azure AD Connect.
Several users will not migrate to Office 365. You must exclude these users from synchronization. All users must
continue to authenticate against the on-premises Active Directory.
You need to synchronize the remaining users.
Which three actions should you perform to ensure users excluded from migration are not synchronized? Each
correct answer presents part of the solution.
A.
Run the Windows PowerShell command Set-MsolDirSyncEnabled -EnableDirSync $false.
B.
Perform a full synchronization.
C.
Populate an attribute for each user account.
D.
Configure the connection filter.
E.
Disable the user accounts in Active Directory.
Explanation:
D: With filtering, you can control which objects should appear in Azure AD from your on-premises directory. For
example, you run a pilot for Azure or Office 365 and you only want a subset of users in Azure AD.
C: Attribute–based filtering: This option allows you to filter objects based on attribute values on the objects. You
can also have different filters for different object types.
B: After you have made your configuration changes, these must be applied to the objects already present in the
system. It could also be that objects not currently in the sync engine should be processed and the sync engine
needs to read the source system again to verify its content.
If you changed configuration using attribute filtering, then you need to do Full synchronization.
https://azure.microsoft.com/en-us/documentation/articles/active-directory-aadconnectsyncconfigure-filtering/