Exchange 2016 Hybrid deployment – Part two

AAD Connect is now in “staging mode”, and we need to create some rules to import only the objects that we need.

Before continuing, see this guide to understand staging mode before going live with your AD environment.

Now that the AAD connector is in staging mode, I’ll do an export to see the situation before creating my custom rules in the AAD rule editor.

As you can see, without filters, we will export a lot of things!

Now we create two “positive filter” rules to import only the objects that have a value of “sync” in custom attribute 1. From Microsoft: “The positive filtering option requires two sync rules. You need one rule (or several) with the correct scope of objects to synchronize. You also need a second catch-all sync rule that filters out all objects that haven’t yet been identified as an object that should be synchronized.”

First rule: the “user” objects with the “sync” value in custom attribute 1:

Open the AD Sync Rules Editor and add a new rule with direction “Inbound”.

Select your AD, set USER, then PERSON, JOIN, and precedence 50 (lower than 100, which is the lowest default rule).

In the Scoping filter, under Attribute, add extensionAttribute1 (it corresponds to Exchange custom attribute 1), select EQUAL and then, as the value, type what you decided on; in my case I added “sync”.

Now, in the Transformations, select Constant, cloudFiltered, and set it to FALSE.

Setting it to FALSE means that if the user has the “sync” property, it will be synced!

Now we create a rule to avoid syncing all other objects.

Leave the scoping filter and the join rules empty.

In the transformations, set “cloudFiltered” again, but in this case to TRUE; in this way we exclude all user objects from being synced to AAD.

Setting it to TRUE, in this case, means the object will not be synced!
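A simplified model of how the two rules above interact, added here as an example and not taken from AAD Connect or from the original post. It shows why the catch-all rule is needed and why it must have a higher precedence number than the positive rule. The rule names, the catch-all precedence of 99, the sample users and the exact-match comparison are assumptions.

```python
# Simplified model (an assumption, not the sync engine's code): for the
# cloudFiltered attribute, the in-scope rule with the lowest precedence
# number supplies the value. Default rules are ignored here.
from dataclasses import dataclass
from typing import Callable, Optional


@dataclass(frozen=True)
class SyncRule:
    name: str                          # hypothetical rule name
    precedence: int                    # lower number = higher priority
    in_scope: Callable[[dict], bool]   # scoping filter
    cloud_filtered: bool               # constant flowed to cloudFiltered


def cloud_filtered(user: dict, rules: list) -> Optional[bool]:
    """Winning cloudFiltered value, or None when no rule is in scope."""
    applicable = [r for r in rules if r.in_scope(user)]
    if not applicable:
        return None
    return min(applicable, key=lambda r: r.precedence).cloud_filtered


def exported(users: list, rules: list) -> list:
    """Names of users that would be exported (cloudFiltered is not True)."""
    return sorted(u["name"] for u in users
                  if cloud_filtered(u, rules) is not True)


# Constructed sample directory objects.
USERS = [
    {"name": "alice", "extensionAttribute1": "sync"},
    {"name": "bob", "extensionAttribute1": None},
    {"name": "svc-backup", "extensionAttribute1": "nosync"},
]


def positive(precedence: int = 50) -> SyncRule:
    return SyncRule("In from AD - User sync", precedence,
                    lambda u: u.get("extensionAttribute1") == "sync", False)


def catch_all(precedence: int = 99) -> SyncRule:
    # Empty scoping filter: every user object is in scope.
    return SyncRule("In from AD - User catch-all", precedence,
                    lambda u: True, True)


if __name__ == "__main__":
    print("both rules:     ", exported(USERS, [positive(), catch_all()]))
    print("no catch-all:   ", exported(USERS, [positive()]))
    print("precedence swap:", exported(USERS, [positive(99), catch_all(50)]))
```

With both rules only the tagged user is exported; without the catch-all every user is exported, and with the precedence values swapped nobody is.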

So now disable the AAD Connect “staging mode” and perform a sync.

Now check the imported users in the cloud and you will see only the users who have “sync” in Exchange custom attribute 1.

We continue in the next post…
