Prevent Synchronization of Users with Specific Attribute in Azure AD Connect

Question

Your network contains an Active Directory forest named contoso.com that is linked to an Azure Active Directory (Azure AD) tenant named contoso.com by using Azure AD Connect.

You need to prevent the synchronization of users who have the extensionAttribute15 attribute set to NoSync.

What should you do in Azure AD Connect?

Answers

Explanations

A. B. C. D.

C.

https://docs.microsoft.com/en-us/azure/active-directory/hybrid/how-to-connect-sync-change-the-configuration

To prevent the synchronization of users who have the extensionAttribute15 attribute set to NoSync, you need to create an inbound synchronization rule in Azure AD Connect. The correct answer is therefore A: Create an inbound synchronization rule for the Windows Azure Active Directory connector.

Here is a more detailed explanation:

Azure AD Connect is a tool used to synchronize objects between your on-premises Active Directory domain(s) and Azure Active Directory. When objects are synchronized, their attributes are also synchronized. In this case, you want to prevent the synchronization of users who have the extensionAttribute15 attribute set to NoSync.

To accomplish this, you need to create an inbound synchronization rule. Inbound synchronization rules are used to map objects and attributes from the on-premises Active Directory domain(s) to Azure AD.

Here are the steps to create an inbound synchronization rule:

  1. Open the Azure AD Connect configuration wizard.
  2. Select the Customize synchronization options option.
  3. Select the Synchronize selected domains and OUs option.
  4. Select the domain and OUs you want to synchronize.
  5. On the Optional features page, select the Directory extensions option.
  6. Select the extensionAttribute15 attribute.
  7. In the Select attributes dialog box, set the value for the extensionAttribute15 attribute to NoSync.
  8. Create a new inbound synchronization rule for the Windows Azure Active Directory connector.
  9. In the Inbound synchronization rule editor, specify the following settings:
     a. Name: Give the rule a descriptive name.
     b. Connected data source: Choose the Active Directory Domain Services connector.
     c. Object type: Choose User.
     d. Scoping filter: Add a filter to exclude users with extensionAttribute15 set to NoSync.
     e. Attribute flow: Map the necessary attributes from the source to the destination.
  10. Save the new rule and run a synchronization cycle.
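A read-only check of the result of the procedure above, as an added example that is not part of the original page: it lists the inbound rules whose scoping filter tests extensionAttribute15, finds the on-premises users tagged NoSync, and reports any that still exist as synced cloud accounts. It assumes it runs on the Azure AD Connect server after a sync cycle has completed, that the ADSync, ActiveDirectory and Microsoft.Graph.Users modules are installed, and that each user's cloud UPN matches the on-premises UPN.

```powershell
# Added example: read-only audit, makes no changes to rules or accounts.
# Assumptions: run on the Azure AD Connect server; ADSync, ActiveDirectory (RSAT)
# and Microsoft.Graph.Users modules are installed; cloud UPN equals on-premises UPN.
Import-Module ADSync, ActiveDirectory, Microsoft.Graph.Users -ErrorAction Stop

$attr  = 'extensionAttribute15'
$value = 'NoSync'

# 1. Inbound rules whose scoping filter tests the attribute for the marker value.
$rules = Get-ADSyncRule | Where-Object {
    $_.Direction -eq 'Inbound' -and
    ($_.ScopeFilter.ScopeConditionList | Where-Object {
        $_.Attribute -eq $attr -and $_.ComparisonValue -eq $value })
}
if (-not $rules) {
    Write-Warning "No inbound rule has a scoping condition on $attr = $value"
}
$rules | Select-Object Name, Direction, Precedence | Format-Table -AutoSize

# 2. On-premises users that carry the marker.
$tagged = @(Get-ADUser -LDAPFilter "($attr=$value)" -Properties $attr)
Write-Host "$($tagged.Count) on-premises user(s) have $attr set to $value"

# 3. None of those users should exist as a directory-synced cloud account.
Connect-MgGraph -Scopes 'User.Read.All'
$leaks = foreach ($u in $tagged) {
    if (-not $u.UserPrincipalName) { continue }        # no UPN to look up
    $upn = $u.UserPrincipalName -replace "'", "''"     # escape quotes for the OData filter
    Get-MgUser -Filter "userPrincipalName eq '$upn'" `
               -Property Id, UserPrincipalName, OnPremisesSyncEnabled |
        Where-Object OnPremisesSyncEnabled
}

if ($leaks) {
    Write-Warning 'Tagged users still present as synced cloud accounts:'
    $leaks | Select-Object UserPrincipalName, Id | Format-Table -AutoSize
} else {
    Write-Host 'No tagged user is present as a synced cloud account.'
}
```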

In summary, to prevent the synchronization of users who have the extensionAttribute15 attribute set to NoSync, you need to create an inbound synchronization rule for the Windows Azure Active Directory connector, and specify a filter to exclude users with that attribute value.