Stop Syncing Onprem AD Users to Entra ID using Sync Rule Editor

Use case - Stop Syncing Onprem AD Users to Entra ID.

Example - I have a bunch of users named Dummyuser1, Dummyuser2, .... Dummyuser10 & initially they are all syncing to Entra ID.

I also have an Onprem AD Group named "DenySyncingADUsers_Cloud". I need to implement a scenario where the users named "Dummyuser1, Dummyuser2, Dummyuser3 & Dummyuser9" should not sync to Entra ID.


Initial View






























Steps

1. Log in to your Azure AD Connect server & navigate to the Sync Rule Editor ( Start --> Search for Synchronization Rule Editor )

2. Choose the direction as Inbound, since this rule is from Onprem to Entra ID, & click on Add New rule.















3. Fill in the below details - 

Name - Name of the rule.
Description - Brief description of the rule.
Connected System - Onprem Domain
Connected System Object Type - What's the object type in the Onprem domain for which you are creating the rule. ( User )
Metaverse Object Type - What's the object type in Entra ID for which you are creating the rule. ( Person )
Link Type - Join
Precedence - Priority of the rule.

















4. Once filled, click Next & apply the scoping filter.

Scoping would be - DN is member of "AD Group". This means any object that is a member of "AD Group" would be considered under this rule.

In this case it would be : "User Object DN" is member of "DenySyncingADUsers_Cloud DN"


















5. We will leave the Join rules as they are. Under Transformations, we can set a constant "Cloudfiltered" to true. This means any object that falls under this rule will have Cloudfiltered set to "TRUE".









6. Click Finish. The rule will be created. You need to wait for the next Sync cycle to run, or you can manually trigger the Sync as well.

7. Testing the results. First, add the accounts that we don't want to sync anymore to the "DenySyncingADUsers_Cloud" group.











8. Initiate a manual Sync using the below command






9. Observing the results. After the Sync, you won't see Dummyuser1, 2, 3 & 9 in Entra ID.

















Patch Installation via Command Line

Two Step Process
1. Expand the "*.MSU" file & extract all the files within it.
2. Use the "*.CAB" file with the DISM command for installation.

Steps
1. I have a .Net Patch on my desktop. To start the installation, I will first navigate to my patch location using the CD command. ( In this example, it's under Desktop )
























2. Once done, expand the "*.MSU" file using the below command.
Syntax - Expand -f:* "MSUFile" "Path where you want to extract"

In this case, I have created a folder named "ExtractedCAB" & I will be extracting all the files inside this folder.




















3. We will now navigate inside the "ExtractedCAB" folder using the CD command again & use the main CAB file with the DISM command to deploy the patch.

Command - Dism.exe /Online /Add-Package /PackagePath:"CABfilelocation"
















4. Once done, it will ask for a restart. Press Y & after the reboot verify the patch installation status either using Control Panel or through cmdlets such as Get-HotFix.
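
The two-step process above as one script, with a signature check before install and DISM exit-code handling. This is an added example, not part of the original post; the default values of $MsuPath and $ExtractDir are placeholders, and it assumes the package is Authenticode-signed (as Microsoft update packages normally are) and contains a single payload CAB.

```powershell
# Added example, not from the original post. Run from an elevated PowerShell prompt.
# $MsuPath and $ExtractDir defaults are placeholders (assumptions); point them at your own files.
param(
    [string]$MsuPath    = "$env:USERPROFILE\Desktop\Patch.msu",
    [string]$ExtractDir = "$env:USERPROFILE\Desktop\ExtractedCAB"
)
$ErrorActionPreference = 'Stop'

# Refuse to continue with a package whose Authenticode signature does not validate.
function Assert-ValidSignature([string]$Path) {
    $sig = Get-AuthenticodeSignature -FilePath $Path
    if ($sig.Status -ne 'Valid') {
        throw "Signature check failed for $Path (status: $($sig.Status))"
    }
    Write-Host "Signed by: $($sig.SignerCertificate.Subject)"
}

Assert-ValidSignature $MsuPath

# Step 1: expand the .msu into the extraction folder.
New-Item -ItemType Directory -Path $ExtractDir -Force | Out-Null
& expand.exe -F:* $MsuPath $ExtractDir | Out-Null
if ($LASTEXITCODE -ne 0) { throw "expand.exe failed with exit code $LASTEXITCODE" }

# The .msu also carries WSUSSCAN.cab (scan metadata); the update payload is the other .cab.
$cabs = @(Get-ChildItem -Path $ExtractDir -Filter *.cab |
          Where-Object { $_.Name -ne 'WSUSSCAN.cab' })
if ($cabs.Count -ne 1) {
    throw "Expected one payload .cab, found $($cabs.Count); choose the main CAB manually."
}
Assert-ValidSignature $cabs[0].FullName

# Step 2: install with DISM. /NoRestart defers the reboot so it can be scheduled.
& Dism.exe /Online /Add-Package "/PackagePath:$($cabs[0].FullName)" /NoRestart
switch ($LASTEXITCODE) {
    0       { Write-Host 'Installed, no restart needed.' }
    3010    { Write-Host 'Installed, restart required to finish.' }
    default { throw "DISM failed with exit code $LASTEXITCODE" }
}

# After the reboot, run this again to confirm the KB is listed.
Get-HotFix | Sort-Object InstalledOn -Descending | Select-Object -First 5
```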