question

0 Votes
ThatSecurityGuy-6514 asked sikumars commented

Azure AD Connect Rule: Apply transformation based on user group membership

What we're trying to do is make it so that if users are members of a specified group, AADC will apply different attributes/transforms as needed.
The reason we are opting for a group is that training the users to modify attributes directly is too complicated for them, and we don't really have a better way at this time. The users already know how to modify groups for other purposes, so we thought this would be the best route but weren't sure how.

An example of this would be:
Certain accounts (service or vendor) that are members of a group have a transform that sets cloudFiltered to True, so they are not synced to Azure AD.

Does anyone have any examples or know if it's even possible to have an Azure AD Connect Rule look at a group and then perform a transform on a user/person?

azure-ad-connect

1 Answer

0 Votes
sikumars answered sikumars commented

Hello @ThatSecurityGuy-6514,

Thanks for reaching out.

Using group-member-based filtering with a sync rule in Azure AD Connect is not a supported approach, and here are the supported filtering options (which you are already aware of). Alternatively, you could leverage the Azure AD Connect cloud sync tool, which lets you add multiple groups as part of the user scope; it basically synchronizes the user objects that are part of the groups added to the scope, as shown below. However, there are a few scenarios that are not supported with cloud sync (such as Exchange hybrid, device and group writeback, etc.), and here is a detailed comparison between Azure AD Connect and cloud sync for your reference. Hope this helps.

194427-image.png

Azure AD Connect cloud sync supported topologies and scenarios: https://docs.microsoft.com/en-us/azure/active-directory/cloud-sync/plan-cloud-sync-topologies


Please "Accept the answer" if the information helped you. This will help us and others in the community as well.



Thank you @sikumars-msft.
That was what I had thought but wanted to ask to validate.

Once again, thank you.

1 Vote 1 ·
sikumars ThatSecurityGuy-6514 ·

Thanks for leveraging Microsoft Q&A forum.

0 Votes 0 ·