Your company plans to migrate from On-Premises Exchange to Office 365.
The existing directory has numerous service accounts in your On-Premises Windows Active Directory (AD),
stored in separate AD Organizational Units (OU) for user accounts.
You need to prevent the service accounts in Windows AD from syncing with Azure AD.
What should you do?
A.
Create an OU filter in the Azure AD Module for Windows PowerShell.
B.
Configure directory partitions in miisclient.exe.
C.
Set Active Directory ACLs to deny the DirSync Windows AD service account MSOL_AD_SYNC access to
the service account OUs.
D.
Create an OU filter in the Azure Management Portal.
Explanation:
One customer, who was looking for OU level filtering to import selected users from On-Premises activedirectory to Office365.
Configure OU level filtering for Office365 directory synchronization.http://blogs.msdn.com/b/denotation/archive/2012/11/21/installing-and-configure-dirsync-with-ou-level-filteringfor-office365.aspx
The is a Organizational unit–based filtering.
But the preferred way to change OU-based filtering is by running the installation wizard of “Azure AD Connect” and changing domain and OU filtering.
https://docs.microsoft.com/en-us/azure/active-directory/connect/active-directory-aadconnectsync-configure-filtering#organizational-unitbased-filtering
I din’t find a way to do this by powershell or azure portal.
The is and old how-to using miisclient.exe (AD Sync i guess): Directory Synchronization – Filtering OUs to Synchronize to Office 365
http://office365support.ca/directory-synchronization-filtering-ous-to-synchronize-to-office-365/
I think this is the old method.