I'm trying to configure AD Connect Attribute filtering as per the following Article.
https://docs.microsoft.com/en-us/azure/active-directory/hybrid/how-to-connect-sync-configure-filtering?msclkid=cf6842aed07b11ecbd50beed41b05e54#attribute-based-filtering
Using the "positive filtering" but it seems not working at all.
I've created a filter rule as in example using the extendedattribute15 and also tried the attribute "department" but it won't work.
Can anyone help me on that ?
thanks
SC
@sc2111 ,
Just checking in to see if the below answer helped. If this answers your query, please don’t forget to click "Accept the answer" and Up-Vote for the same, which might be beneficial to other community members reading this thread. And, if you have any further query do let us know.
Hi @sc2111 ,
Thank you for reaching out.
I believe you may have created two separate Sync rules as described in that article, first sync rule to set 'cloudfillter' as False for specific set of users you wanted to synchronise to the Azure AD and second rule ("In from AD – User Catch-all filter") to set 'cloudfillter' as True for all users. Also, second rule's precedence has a higher value than first rule, i.e., if you configured first sync rule with 50 and second rule configured with any value greater than 50 example 51.
Furthermore, I would like you to perform the following steps on the Azure AD connect server which helps us in isolating the problem.
1) Check to see if you can find a user object using metaverse search from Azure AD connect. If you cannot locate the user object, proceed to step 2. If you are able to locate the user, ensure that the user object has the 'cloudfillter' attribute propulated and the value set to 'False,' indicating that a sync rule you created was taking effort.
If you don't see the cloudfillter attribute for the user object, there may be a problem with the newly created sync rule. It is, however, worthwhile to RUN a FULL sync on the Azure AD connect server using the cmdlet 'Start-ADSyncSyncCycle -PolicyType Initial'.
2) If you've configured domai or OU level filtering, make sure the user object is included and hit Sync. Scope
Reference: https://docs.microsoft.com/en-us/azure/active-directory/hybrid/tshoot-connect-attribute-not-syncing
Kindly update me of the outcome so that I can better assist you with this case.
Hello @sikumars-msft
"I believe you may have created two separate Sync rules as described in that article, first sync rule to set 'cloudfillter' as False for specific set of users you wanted to synchronise to the Azure AD and second rule ("In from AD – User Catch-all filter") to set 'cloudfillter' as True for all users. Also, second rule's precedence has a higher value than first rule, i.e., if you configured first sync rule with 50 and second rule configured with any value greater than 50 example 51."
You're right I've created the first rule to filter by the attribute (precedence 50 ) and the second rule as catch-all rule ( precedence 90 ) , then I disabled the default rule ( precedence 100) 
The filter for the rule is as follow
The metaverse search for the "test" users reported them 
The user that should sync is as follow
The user that should be filtered out is as follow
Thanks
Hello @sikumars-msft
I think that answering to your question I found my mistake.
I thought that creating the two filter rules I needed to disable the default one, but I was obviously wrong.
Enabling it back all is working as expected now.
thanks for your input anyway
Best regards
Stefano
10 people are following this question.
