A huge request I get from my education customers deploying Office 365 for Education is how do you filter out OUs, Domains or users from a Dirsync Appliance?  The answer prior to this week was you could enable filtering within Dirsync however it was in an unsupported manner.  

 

Great news now that soft-delete has been enabled in Office 365 last week you now have to ability to ‘rollback’ deleted users from the tenant for up to 30 days.  With this new capability, we also now support Dirsync filtering at the OU, Domain or attribute level.

 

Soft-Delete capability

 

image

new dialog box when you delete a user

 

image

New restore option

 

 

image

Restored account

 

Dirsync filtering

To enable Dirsync filtering:

 

1) On the Dirsync Server, Run MIISCLIENT.exe from \Program Files\Microsoft Online Directory Sync\SYNCBUS\Synchronization Service\UIShell for 64-bit

image

MIISclient running

 

2) Click Management Agents

3) Double click ‘SourceAD’

4) Click ‘Configure Directory Partitions’

5) Uncheck OUs or Domains you don’t want to sync over

image

Filter by AD partitions

 

6) Go to Step 8 below

 

To filter by Attribute:

Change step 4 above to:

4) Click ‘Configure Connector Filter’

image

5) Select ‘user’ under ‘Data Source Object Type’ and New. Pick an attribute to filter on such as ‘extensionAtrribute1’ and put in a value like ‘NoSync’

image

Example: Dirsync filters all objects with extensionAttribute1=NoSync

 

6) Click ‘Add Condition’

7) Click OK

8) Perform Full Sync

Click Management Agent

SourceAD

Run

Full Import Full Sync

 

image