You need to prevent the service accounts in Windows AD from syncing with Azure AD

Your company plans to migrate from On-Premises Exchange to Office 365.
The existing directory has numerous service accounts in your On-Premises Windows Active Directory (AD),
stored in separate AD Organizational Units (OU) for user accounts.
You need to prevent the service accounts in Windows AD from syncing with Azure AD.
What should you do?A. Create an OU filter in the Azure AD Module for Windows PowerShell.

Your company plans to migrate from On-Premises Exchange to Office 365.
The existing directory has numerous service accounts in your On-Premises Windows Active Directory (AD),
stored in separate AD Organizational Units (OU) for user accounts.
You need to prevent the service accounts in Windows AD from syncing with Azure AD.
What should you do?A. Create an OU filter in the Azure AD Module for Windows PowerShell.

B.
Configure directory partitions in miisclient.exe.

C.
Set Active Directory ACLs to deny the DirSync Windows AD service account MSOL_AD_SYNC access to
the service account OUs.

D.
Create an OU filter in the Azure Management Portal.

Explanation:
One customer, who was looking for OU level filtering to import selected users from On-Premises active
directory to Office365.
Configure OU level filtering for Office365 directory synchronization.
1. Logged in to your Domain controller
2. Created an OU (Organisational Unit) from your AD (Active Directory)
a. In my case I named it “DirSync”
3. Move all those users you want to sync, to that DirSync OU.
4. From your DirSync Server navigate to <Drive>\\Program Files\\Microsoft Online Directory
Sync\\SYNCBUS\\Synchronization Service\\UIShell
5. Double click on miisclient.exe
6. This opens a console something similar to the below screen capture

Identity Manager, click Management Agents, and then double-click SourceAD.
8. Click Configure Directory Partitions, and then click Containers, as shown in the below screen capture.

11. Click OK on the SourceAD Properties page.
12. Perform a full sync: on the Management Agent tab, right-click SourceAD, click Run, click Full Import
Full Sync, and then click OK.
Etc.

Installing and Configure DirSync with OU level filtering for Office365
URL: http://blogs.msdn.com/b/denotation/archive/2012/11/21/installing-and-configure-dirsync-with-oulevel-filtering-for-office365.aspx



Leave a Reply 4

Your email address will not be published. Required fields are marked *


Azure

Azure

Answer A is in the Question. Where is the test & review ?

Sharbag

Sharbag

‘B’ is correct.

Iain

Iain

D would be the correct current answer:
https://docs.microsoft.com/en-us/azure/active-directory/connect/active-directory-aadconnect-get-started-custom

In Azure Active Directory Connect (replaces Dirsync) by default all domains and OUs are synchronized. If there are some domains or OUs you do not want to synchronize to Azure AD, you can unselect these domains and OUs.

M

M

The option says the apply filter in the Management Portal whereas the filter needs applied during ADConnect wizard. So the answer B seem to be correct.