Your network contains an Active Directory forest named contoso.com that is linked to an Azure Active Directory (Azure AD) tenant named contoso.com by using Azure AD Connect.
You need to prevent the synchronization of users who have the extensionAttribute15 attribute set to NoSync.
What should you do in Azure AD Connect?
In Azure AD Connect, you control which users synchronize by using synchronization rules. The SC-300 study content explains that to exclude objects based on an on-premises attribute (for example, extensionAttribute15=NoSync), you create an inbound rule on the Active Directory Domain Services (AD DS) connector. Inbound rules control the flow of data from AD DS into the metaverse. There, a scoping filter selects the matching objects and the rule marks them as filtered (often by setting the cloudFiltered attribute), which prevents them from being provisioned to Azure AD. The official guidance highlights that inbound rules on the AD DS connector are used for attribute-based filtering, and that export or run profiles (Full Import/Export) do not define logic; they only execute the configured rules. Therefore, to stop users with extensionAttribute15=NoSync from syncing, you create an inbound synchronization rule on the AD DS connector with a condition on that attribute to exclude those users from synchronization.
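The inbound rule described above can also be created with the ADSync PowerShell module on the Azure AD Connect server. This is an added example, not part of the original page; the rule name, the precedence value 50 and the connector name `contoso.com` are assumptions to adjust for your environment.

```powershell
# Added example. Run in an elevated session on the Azure AD Connect server.
Import-Module ADSync

# Pause the scheduler so no sync cycle runs while the rule set is changing.
Set-ADSyncScheduler -SyncCycleEnabled $false

# Assumption: the AD DS connector is named after the forest (contoso.com).
$connector = Get-ADSyncConnector | Where-Object { $_.Name -eq 'contoso.com' }
if (-not $connector) { throw 'AD DS connector contoso.com not found' }

# Inbound rule on the AD DS connector. Precedence 50 is an assumed unused
# value; it must be lower than the default rules so this rule wins.
New-ADSyncRule `
    -Name 'In from AD - User DoNotSyncFilter' `
    -Identifier ([guid]::NewGuid().ToString()) `
    -Description 'Filter users with extensionAttribute15 = NoSync' `
    -Direction 'Inbound' `
    -Precedence 50 `
    -PrecedenceAfter '00000000-0000-0000-0000-000000000000' `
    -PrecedenceBefore '00000000-0000-0000-0000-000000000000' `
    -SourceObjectType 'user' `
    -TargetObjectType 'person' `
    -Connector $connector.Identifier `
    -LinkType 'Join' `
    -SoftDeleteExpiryInterval 0 `
    -ImmutableTag '' `
    -OutVariable syncRule

# Transformation: constant True into cloudFiltered marks the object as filtered.
Add-ADSyncAttributeFlowMapping -SynchronizationRule $syncRule[0] `
    -Source @('True') -Destination 'cloudFiltered' `
    -FlowType 'Constant' -ValueMergeType 'Update' -OutVariable syncRule

# Scoping filter: apply the rule only where extensionAttribute15 equals NoSync.
New-Object -TypeName 'Microsoft.IdentityManagement.PowerShell.ObjectModel.ScopeCondition' `
    -ArgumentList 'extensionAttribute15', 'NoSync', 'EQUAL' -OutVariable condition0
Add-ADSyncScopeConditionGroup -SynchronizationRule $syncRule[0] `
    -ScopeConditions @($condition0[0]) -OutVariable syncRule

# Commit the rule, re-enable the scheduler and run a full cycle to apply it.
Add-ADSyncRule -SynchronizationRule $syncRule[0]
Set-ADSyncScheduler -SyncCycleEnabled $true
Start-ADSyncSyncCycle -PolicyType Initial
```

Before relying on the filter, check the pending exports on the Azure AD connector so that the only deletions staged are the NoSync users you intended to remove.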