dirsync filtering

MSExchangeGuru.comLearn Exchange the Guru way !!!

HOME THE TEAM CONTACT US -MS EXCHANGE GURU DISCLAIMER

« Exchange 2013 mailflow explained Released – Update Rollup 4 for Exchange

Server 2010 Service Pack 2 »

Office 365 DirSync Filtering

How many of you knew that we never had an option to partially sync your AD infrastructure to

the Microsoft cloud using DirSync tool? Until now, one of the problems of DirSync was that it

would sync your entire AD to Office 365. This means that if you had 10,000 AD users and only

wanted 500 in Office 365, you would have all 10,000 users listed in Office 365… There were a

couple of methods of excluding certain objects, but none supported by Microsoft. With the latest

release it is now possible to set a filter and sync your Active Directory using Microsoft Directory

synchronization tool.

Introduction

If you subscribe to Microsoft Office 365 (with the exception of the Small Business Plan) and your

company already has users in a local Active Directory [AD] environment, you can use the

Microsoft Online Services Directory Synchronization [DirSync] tool to synchronize those users to

your Office 365 directory.

By using DirSync, you can keep your local AD in constant synchronization with Office 365 so that

any changes made to users such as contact updates for example, are propagated to Office 365.

This allows you not only to create synchronized versions of each user account and group, but also

allows Global Address List [GAL] synchronization from your local Exchange environment to

Exchange Online.

Synchronization

Until now, one of the problems of DirSync was that it would sync your entire AD to Office 365.

This means that if you had 10,000 AD users and only wanted 500 in Office 365, you would have

all 10,000 users listed in Office 365… There were a couple of methods of excluding certain

objects, but none supported by Microsoft.

DirSync Filtering has been possible for early Office 365 for Education customers but now it is

available to all customers, allowing you to easily exclude Organizational Units [OUs], for example,

from being synchronized. Let’s have a look.

DirSync is simply a pre-configured Microsoft Identity Integration Server [MIIS] installation specific

for Office 365 integration. What some administrators don’t know is that MIIS can be customized

by using the MIIS Client located at:

• 32-bit: %SystemDrive%\Program Files\Microsoft Online Directory Sync\SYNCBUS\UIShell

• 64-bit: %SystemDrive%\Program Files\Microsoft Online Directory

Sync\SYNCBUS\Synchronization Service\UIShell

WARNING: Before we proceed, please be very careful when using MIIS Client as it can cause

harm to your office 365 environment if not used properly!

Filtering

At the time of writing of this post, there are 3 filtering options that can be applied to DirSync:

1. Organizational Units based, which allows you to select which OUs are to be synced to

the cloud;

2. Domain based, allowing you to select which domains are synchronized to the cloud;

3. User attribute based, enabling you to control which objects shouldn’t be synchronized

to the cloud based on their AD attributes.

NOTE: If you have already run DirSync and synced all your AD into Office 365, the objects that

you now filter will no longer be synchronized and will be deleted from the cloud! If you excluded,

and subsequently deleted objects because of a filtering error, you can easily re-create them in the

cloud by removing the filter and then syncing the directories again.

Organizational Units Based Filtering

1. Log on to the computer that is running DirSync by using an account that is a member of

the MIISAdmins local group;

*

CategoriesAutodiscover

Best Practices

Blackberry

CAS

Clustering

Database Management

Disaster Recovery

Exchange 2003

Exchange 2007

Exchange 2010

Exchange 2013

Exchange ActiveSync

Exchange Tools

ExMerge

Export Mailbox using Shell

GFI

Lync

Miscellaneous blabberings

msExch Attributes

OAB/OAL

OCS

Office 365

Online and Offline Defrag

Outlook

OWA

Powershell

Public Folders

Recovery

Recovery Storage Group

Scripting

Site Updates

Tech Buzz

Tips

Uncategorized

ArchivesJune 2013

May 2013

April 2013

March 2013

February 2013

January 2013

December 2012

November 2012

October 2012

September 2012

August 2012

July 2012

June 2012

May 2012

April 2012

March 2012

February 2012

January 2012

December 2011

November 2011

MSExchangeGuru

Like 562

MVP Exchange

Subscribe to MSExchangeGuru

Email Address

Preferred Format

�� HTML

�� Text

�� Mobile

Subscribe

unsubscribe from list

powered by MailChimp!

Follow Us!

Recent CommentsBlog Posts of the Week (2nd -

8th June 2013) - The South

Asia MVP Blog - Site Home -

TechNet Blogs on Load

Balancing Exchange Server

2013 – Good to know stuff

Read This on Yammer –

Microsoft’s social networking

trump card

of 9Office 365 DirSync Filtering « MSExchangeGuru.com

6/14/2013http://msexchangeguru.com/2012/08/10/office-365-2/

2. Open MIIS by running miisclient.exe;

3. In Synchronization Service Manager, click Management Agents and then double-

click SourceAD;

4. Click Configure Directory Partitions and then click Containers;

5. When prompted, enter domain credentials for your on-premises domain and then click

OK;

October 2011

September 2011

August 2011

July 2011

June 2011

May 2011

April 2011

March 2011

February 2011

January 2011

December 2010

November 2010

October 2010

September 2010

July 2010

June 2010

May 2010

April 2010

February 2010

January 2010

November 2009

October 2009

September 2009

July 2009

June 2009

erich on Mystery of vanishing

outlook meeting requests –

SOLVED!!!

Prabhat Nigam on Exchange

2010 Cross Site DAG Disaster

Recovery: Data Center/AD

site failure Part 2

DJ on Exchange 2010 Cross

Site DAG Disaster Recovery:

Data Center/AD site failure

Part 2

Other cool placesFlipping Bits

Lets Exchange

MSExchangeTeam

PowerWindows



6. In the Select Containers dialog box, clear the OUs that you don’t want to sync;

7. If you click in Advanced… you will be able to further control which OUs to include and

exclude;

8. Click OK three times;

9. On the Management Agent tab, right-click SourceAD, click Run, click Full Import Full Sync and then click OK to perform a full sync;

© 2012MSExchangeGuru.com

All Rights Reserved | Privacy

Policy

Entries (RSS) and Comments

(RSS).



10. Once finished, you can check the results at the bottom left corner of the window.

Domain Based Filtering





click SourceAD;



4. Click Configure Directory Partitions and then select the domains that you want to

synchronize. Because in my environment there is only one domain, I only get one domain

listed. To exclude a domain simply clear its check box;

5. Click OK;

6. On the Management Agent tab, right-click SourceAD, click Run, click Full Import Full Sync and then click OK to perform a full sync;




User Attribute Based Filtering

As the name suggests, this third option can only be applied to user objects. It is possible to filter

contacts and groups, but these use other and more complex filtering rules.

To exclude users from filtering, we can utilize around 114 AD attributes. For example, you can set

extensionAttribute10 to “noOffice365″ for all the users you don’t want to sync and then create a

filter rule to exclude these from synchronization. After you configure in AD the attribute you want

to look, here’s how you configure MIIS:





click SourceAD;

4. Click Configure Connector Filter;



5. Select user in the Data Source Object Type column. In here you can see some

examples of accounts being excluded already such as Exchange System mailboxes or the

MSOL_AD_Sync account used by DirSync;

6. Click New;

7. In Filter for user, on the Data Source attribute, select extensionAttribute10. For

Operator select Equals and then type noOffice365in the Value field. Click Add Condition and then click OK;



8. Click OK again;

9. On the Management Agent tab, right-click SourceAD, click Run, click Full Import

Full Sync and then click OK to perform a full sync;


Nuno Mota

Microsoft MVP – Exchange server

Team @MSExchangeGuru

keywords: using Office 365 dirsync tool, office 365 dirsync tool, dirsync tool

Posted August 10th, 2012 under Exchange Tools, Office 365. RSS 2.0 feed. Leave a

response, or trackback.

10 Responses to “Office 365 DirSync Filtering”

1. Shyam Madeti Says:August 11th, 2012 at 10:54 pm



dirsync filtering

Documents