Managing Object Filters
Start course

If your organization uses Active Directory (AD) for its identity management, and you would like to use those identities in Azure or Microsoft 365, then you will need to implement Azure Active Directory Connect.

This course is divided into three sections. The first section is on designing an identity strategy. In this section, we'll look at our AD identities and consider what work needs to be done and what we need to think about ahead of time. The second section is on implementing identity synchronization using AD Connect. We will consider what needs to be synced and what authentication options are available. In the last section, we'll look at managing identity synchronization using Azure AD Connect. We'll look at what it takes to manage and sync and reconfigure options after AD Connect has been initially configured.

Learning Objectives

  • Design a hybrid identity solution
  • Implement Azure Active Directory Connect
  • Manage synchronized identities

Intended Audience

  • Azure administrators
  • Microsoft 365 administrators


  • Basic understanding of Active Directory and Office 365
  • To do the examples yourself, you will need an on-premises Active Directory structure and an Azure subscription

Next up we're gonna take a look at object filters and how that affects sync, and how we can configure it. During our initial setup of Azure AD Connect, we set an option to filter out all of the OU's apart from one, to be synced up to Azure AD. But we can still change this, and change the filtering options, by going to connectors within synchronization's service manager for Azure AD Connect. And if we select active directory domain services connector, and go to properties, we'll see a bunch of options in here, for things like the attributes that we want to sync, and object types, et cetera. 

But if we go to configure directory partitions here, we see we've got some options for the domain, of what directory partitions we want to sync, and the domain controllers we want to use, et cetera. But if we go down to containers at the bottom here, it will ask us for some credentials to start with to connect to the domain. Now this could be any set of credentials that has access to read and write attributes for the domain though, so I put my details in here for a domain admin role, and I click on OK, it'll open up and give me a selection box, for the OU's that I want to select. 

So obviously we've got corp users here, that's what we originally setup, but I want to sync the service accounts as well. So I simply tick that, go OK, close it, and off you go. So if we go into our Azure console, go to Azure active directory, and look for the users, let's look for our test user to make sure that it's not already synced up there. So there you go. No users found for test. So we go back to our sync service manager, and trigger another sync, and once that's finished, give it a couple of moments, and go over to the Azure AD console again, and let's search for the test user. And there we go, our test user is in our list of users in the cloud.

About the Author

Matt is a freelance system administrator with over 20 years of experience in IT. His current focus is on the great features of Microsoft Azure and Office 365. He’s always had a fascination for anything techie and loves learning and sharing that knowledge.