A huge request I get from my education customers deploying Office 365 for Education is how do you filter out OUs, Domains or users from a Dirsync Appliance?  The answer prior to this week was you could enable filtering within Dirsync however it was in an unsupported manner.  


Great news now that soft-delete has been enabled in Office 365 last week you now have to ability to ‘rollback’ deleted users from the tenant for up to 30 days.  With this new capability, we also now support Dirsync filtering at the OU, Domain or attribute level.


Soft-Delete capability



new dialog box when you delete a user



New restore option




Restored account


Dirsync filtering

To enable Dirsync filtering:


1) On the Dirsync Server, Run MIISCLIENT.exe from \Program Files\Microsoft Online Directory Sync\SYNCBUS\Synchronization Service\UIShell for 64-bit


MIISclient running


2) Click Management Agents

3) Double click ‘SourceAD’

4) Click ‘Configure Directory Partitions’

5) Uncheck OUs or Domains you don’t want to sync over


Filter by AD partitions


6) Go to Step 8 below


To filter by Attribute:

Change step 4 above to:

4) Click ‘Configure Connector Filter’


5) Select ‘user’ under ‘Data Source Object Type’ and New. Pick an attribute to filter on such as ‘extensionAtrribute1’ and put in a value like ‘NoSync’


Example: Dirsync filters all objects with extensionAttribute1=NoSync


6) Click ‘Add Condition’

7) Click OK

8) Perform Full Sync

Click Management Agent



Full Import Full Sync