Preventing Users with GivenName Attribute from Being Synced to Azure AD

Question

Your network contains an on-premises Active Directory domain named corp.contoso.com.

You have an Azure subscription named Sub1 that is associated to an Azure Active Directory (Azure AD) tenant named contoso.com.

You sync all on-premises identities to Azure AD.

You need to prevent users who have a givenName attribute that starts with TEST from being synced to Azure AD. The solution must minimize administrative effort.

What should you use?

Answers

Explanations


A. Use the Synchronization Rules Editor and write an attribute-based filtering rule.

https://docs.microsoft.com/en-us/azure/active-directory/hybrid/how-to-connect-sync-change-the-configuration

The correct answer is A. Synchronization Rules Editor.

To prevent users who have a givenName attribute that starts with TEST from being synced to Azure AD, you need to create a synchronization rule that excludes these users during the synchronization process.

Azure AD Connect is the tool that synchronizes your on-premises identities with Azure AD. Its configuration wizard can be used to set synchronization options, but it does not provide granular, attribute-based control over the synchronization rules.

The Web Service Configuration Tool is used to configure and manage the web services for Azure AD Connect; it is not related to the synchronization rules.

Active Directory Users and Computers is a management tool for your on-premises Active Directory domain, and it is not related to the synchronization process with Azure AD.

Therefore, the correct answer is A, the Synchronization Rules Editor. It is a feature of Azure AD Connect that lets you create, modify, and delete synchronization rules. To prevent users whose givenName attribute starts with TEST from being synced to Azure AD, create a new synchronization rule that excludes these users based on that attribute value, as follows:

  1. Open the Synchronization Rules Editor.
  2. Click on "Add new rule".
  3. Enter a name for the new rule, such as "Exclude users with TEST givenName".
  4. Set the "Connected System" to "Active Directory Domain Services".
  5. Set the "Connected System Object Type" to "user".
  6. Set the "Metaverse Object Type" to "person".
  7. Set the "Link Type" to "Join".
  8. Set the "Precedence" to a value higher than the default rules.
  9. Set the "Description" to something descriptive, such as "Exclude users with givenName starting with TEST".
  10. In the "Transformations" section, click on "Add transformation".
  11. Set the "Source" to "person", and the "Target" to "person".
  12. Set the "FlowType" to "Expression".
  13. Enter the following expression in the "Expression" field: ![givenName].StartsWith("TEST") ? null : [givenName]
  14. Click on "OK" to save the transformation.
  15. Click on "Save" to save the new synchronization rule.

This synchronization rule excludes all users whose givenName attribute starts with TEST from being synced to Azure AD, and it minimizes administrative effort because the exclusion is applied automatically on every sync cycle.
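The same exclusion expressed as an ADSync PowerShell script, which is the form the Synchronization Rules Editor itself exports when you save a rule. This is an added example; it is not part of the original explanation or of the linked Microsoft article. It follows the attribute-based filtering pattern from Microsoft's Azure AD Connect filtering documentation: an inbound user-to-person rule scoped to objects whose givenName starts with TEST, which flows the constant True into the metaverse attribute cloudFiltered, rather than flowing givenName through the expression shown in step 13. The rule name, the connector name corp.contoso.com, the description text and the precedence value 50 are assumptions chosen for this example, and the cmdlet parameters follow the scripts the Editor exports; check them against the ADSync module version installed on your server.

```powershell
# Added example: build the "exclude givenName starting with TEST" rule with the
# ADSync module, using the same objects the Synchronization Rules Editor exports.
# Run on the Azure AD Connect server in an elevated PowerShell session.
Import-Module ADSync

# Pause the scheduler so a sync cycle does not start while the rule set changes.
Set-ADSyncScheduler -SyncCycleEnabled $false

# Assumption: the AD connector is named after the on-premises forest, corp.contoso.com.
$connector = Get-ADSyncConnector | Where-Object { $_.Name -eq 'corp.contoso.com' }
if (-not $connector) { throw 'AD connector corp.contoso.com not found' }

# Inbound rule: user (connected system) -> person (metaverse), Join link type.
# Precedence 50 sits in the 0-99 range reserved for custom rules, so it is
# evaluated before the built-in rules, which start at 100. The identifier is a
# fresh GUID generated here, not a value from the original page.
$ruleId = [guid]::NewGuid().ToString()
New-ADSyncRule `
    -Name 'In from AD - User Exclude givenName TEST' `
    -Identifier $ruleId `
    -Description 'Exclude users with givenName starting with TEST' `
    -Direction 'Inbound' `
    -Precedence 50 `
    -SourceObjectType 'user' `
    -TargetObjectType 'person' `
    -Connector $connector.Identifier `
    -LinkType 'Join' `
    -SoftDeleteExpiryInterval 0 `
    -ImmutableTag '' `
    -OutVariable syncRule

# Scoping filter: only objects whose givenName starts with TEST are in scope,
# so the rule never touches the other users.
$condition = New-Object `
    -TypeName 'Microsoft.IdentityManagement.PowerShell.ObjectModel.ScopeCondition' `
    -ArgumentList 'givenName', 'TEST', 'STARTSWITH'
Add-ADSyncScopeConditionGroup `
    -SynchronizationRule $syncRule[0] `
    -ScopeConditions @($condition) `
    -OutVariable syncRule

# Transformation: flow the constant True into cloudFiltered. Azure AD Connect
# does not export a metaverse object with cloudFiltered = True to Azure AD.
Add-ADSyncAttributeFlowMapping `
    -SynchronizationRule $syncRule[0] `
    -Destination 'cloudFiltered' `
    -FlowType 'Constant' `
    -ValueMergeType 'Update' `
    -Source @('True') `
    -OutVariable syncRule

# Commit the rule to the sync engine and read it back to verify it landed.
Add-ADSyncRule -SynchronizationRule $syncRule[0]
Get-ADSyncRule -Identifier $ruleId | Format-List Name, Precedence, Direction

# A scoping change only takes effect after a full synchronization: re-enable the
# scheduler and run an initial cycle (full import plus full sync).
Set-ADSyncScheduler -SyncCycleEnabled $true
Start-ADSyncSyncCycle -PolicyType Initial
```

After the initial cycle completes, confirm the result from the defender's side: the affected users should show cloudFiltered = True in the Synchronization Service Manager metaverse search and must no longer appear in the tenant, while users whose givenName does not start with TEST are unaffected because they fall outside the scoping filter.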