question

0 Votes
BenWosjke-0694 asked

AADconnect, do not sync unknown suffix to default domain in O365

Take the following config:

  • On premise AD domain with a UPN suffix of AD.Local

  • UPN suffix is added for AD.com

  • Some users are set to use AD.com as their UPN suffix, others are left at AD.local

  • O365 is configured with a verified domain of AD.com and the default domain of ad.onmicrosoft.com

In early builds of AADConnect, only accounts with updated UPNs of AD.com would be synced.
Now (I'm not sure exactly when this changed), an account that has AD.local as its UPN suffix will be synced and get the default domain suffix in O365... so AD.com

I've searched everywhere I can think of - but I can't find a way to turn this off. We only want accounts with the correct UPN suffix to be synced... if the UPN suffix is not one matched in O365 - don't sync the account.


azure-active-directory

1 Answer

1 Vote
TDeman answered

Hello @BenWosjke-0694,

Since the first version of ADConnect, all accounts with an unverified domain are synchronized and defined with the default .onMicrosoft.com.

I suppose that a specific rule was created to filter only accounts with the correct domain, or perhaps only organizational units with well-formed accounts were synchronized.

Probably one of these filters has been lost after an update or a reinstallation of ADConnect. Samples of filtering are shown on this page:

https://docs.microsoft.com/en-us/azure/active-directory/hybrid/how-to-connect-sync-configure-filtering

In your case, you should use attribute filtering on "userPrincipalName" using the operator "ENDSWITH" with the value "@AD.COM".

Regards,
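
The following is an added example, not part of the answer above: a PowerShell preview of which accounts a `userPrincipalName` ENDSWITH `@AD.COM` filter would leave out of scope, so the result can be reviewed before the filtering is changed. The function name `Test-UpnInScope`, the case-insensitive comparison and the sample accounts are assumptions made for illustration.

```powershell
# Added example (not from the thread): preview which accounts a scoping filter
# "userPrincipalName ENDSWITH @AD.COM" would leave out of sync.
function Test-UpnInScope {
    param(
        [string]$UserPrincipalName,
        [Parameter(Mandatory)][string[]]$VerifiedSuffix
    )
    # Accounts without a UPN can never match an ENDSWITH condition.
    if ([string]::IsNullOrWhiteSpace($UserPrincipalName)) { return $false }
    foreach ($suffix in $VerifiedSuffix) {
        # Compare from the "@" so bob@notad.com does not pass for ad.com.
        # Assumption of this sketch: the suffix is compared case-insensitively.
        if ($UserPrincipalName.Trim().EndsWith("@$suffix", [System.StringComparison]::OrdinalIgnoreCase)) {
            return $true
        }
    }
    return $false
}

# Assumption: ad.com is the only verified custom domain (from the question).
$verified = @('ad.com')

# Constructed sample accounts. Against a live directory, replace with:
#   $users = Get-ADUser -Filter * | Select-Object SamAccountName, UserPrincipalName
$users = @(
    [pscustomobject]@{ SamAccountName = 'alice'; UserPrincipalName = 'alice@AD.com' }
    [pscustomobject]@{ SamAccountName = 'bob';   UserPrincipalName = 'bob@AD.local' }
    [pscustomobject]@{ SamAccountName = 'carol'; UserPrincipalName = 'carol@notad.com' }
    [pscustomobject]@{ SamAccountName = 'svc01'; UserPrincipalName = $null }
)

$report = foreach ($u in $users) {
    [pscustomobject]@{
        SamAccountName    = $u.SamAccountName
        UserPrincipalName = $u.UserPrincipalName
        InScope           = Test-UpnInScope -UserPrincipalName $u.UserPrincipalName -VerifiedSuffix $verified
    }
}

# Accounts listed here would not match the filter and so would not be synced.
$report | Where-Object { -not $_.InScope } | Format-Table -AutoSize
```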
