Friday, 24 May 2013

How to correctly apply Directory Synchronization (DirSync) filters plus some useful observations

When applying Connector Filters to the Source AD Management Agent in the Directory Synchronization tool (DirSync) for Office 365, it looks like you can put a few conditions in one filter; in practice, however, it didn't work for me.

Here is my attempt at putting multiple conditions in one filter applied to the user object, which didn't work:

When you apply new filters, the incremental sync normally doesn't pick up the changes. To force the new filters to take effect, you need to run a "Full Import Full Sync" on the source AD.

Here are the same conditions, but each created as a separate filter. This is the working configuration:

Once this was done, a Full Import Full Sync on the source AD was able to pick up the changes, which can be viewed under Filtered Connectors. In my case you can see there are 89 Filtered Deletions, which are basically the result of the user filters applied.

Now a Full Confirming Import on the "TargetWebService" Management Agent would delete those 89 users from Office 365.

Two more observations:
1. Condition values are not case sensitive. So if you want to filter out user accounts that start with svc, you don't need to worry about case sensitivity.

2. There seems to be a delay before the deleted users actually disappear from the Office 365 portal. So if you add new filters and confirm that the filters are applied in DirSync, you may not see the changes in the Office 365 portal immediately.
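
A small PowerShell model of the difference between the two configurations described above, added here as an illustration and not taken from the original post. It assumes the FIM Synchronization Service semantics in which an object must meet every condition inside one filter (AND) while separate filters are alternatives (OR); the sample accounts, the `test` prefix, the operator labels and the function names are constructed.

```powershell
# Constructed sample accounts; not taken from the original post.
$users = @(
    [pscustomobject]@{ sAMAccountName = 'SVC-backup' }
    [pscustomobject]@{ sAMAccountName = 'svc-sql' }
    [pscustomobject]@{ sAMAccountName = 'test01' }
    [pscustomobject]@{ sAMAccountName = 'jsmith' }
)

# Hypothetical helper: evaluate one condition, ignoring case (observation 1).
function Test-Condition {
    param($Object, $Condition)
    $value = [string]$Object.($Condition.Attribute)
    switch ($Condition.Operator) {
        'StartsWith' { return $value.StartsWith($Condition.Value, [StringComparison]::OrdinalIgnoreCase) }
        'Equals'     { return $value.Equals($Condition.Value, [StringComparison]::OrdinalIgnoreCase) }
        default      { throw "Unsupported operator: $($Condition.Operator)" }
    }
}

# Assumed semantics: AND inside a filter, OR across filters.
function Test-ConnectorFilter {
    param($Object, [object[]]$Filters)
    foreach ($filter in $Filters) {
        $conditions = @($filter.Conditions)
        if ($conditions.Count -eq 0) { continue }   # a filter with no conditions must not match everything
        $allMatch = $true
        foreach ($c in $conditions) {
            if (-not (Test-Condition $Object $c)) { $allMatch = $false; break }
        }
        if ($allMatch) { return $true }
    }
    return $false
}

# Names of the accounts the given filter set would exclude from synchronization.
function Get-FilteredName {
    param([object[]]$Objects, [object[]]$Filters)
    $Objects | Where-Object { Test-ConnectorFilter $_ $Filters } | ForEach-Object { $_.sAMAccountName }
}

$svc  = [pscustomobject]@{ Attribute = 'sAMAccountName'; Operator = 'StartsWith'; Value = 'svc' }
$test = [pscustomobject]@{ Attribute = 'sAMAccountName'; Operator = 'StartsWith'; Value = 'test' }

$combined = @([pscustomobject]@{ Conditions = @($svc, $test) })      # one filter, two conditions
$separate = @([pscustomobject]@{ Conditions = @($svc) },
              [pscustomobject]@{ Conditions = @($test) })            # two filters, one condition each

"One filter : $((Get-FilteredName $users $combined) -join ', ')"
"Two filters: $((Get-FilteredName $users $separate) -join ', ')"
```

Under that assumption the combined filter matches no account, because no name starts with both prefixes, while the separate filters match the two svc accounts and the test account regardless of case.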
