How to modify an existent filter rule and validating what changes in the Azure Active Directory using AAD Sync.
To demonstrate how a change in existent filter rules can impact the environment, we are going to use the following scenario where we have 5 users under Corporate Users OU (that is the only OU that is being replicated to Azure Active Directory), and the users have either @patricio.uy or @patricio.ca on their username as part of their UPN.
Before performing any changes, we will check the Azure Active Directory, and we can notice that only the users that have the UPN @patricio.uy are being replicated, as shown in the figure below.
Note: Don’t worry about the patricioIT.onmicrosoft.com for this Tutorial, and the reason of that issue is the domains were not configured on the Azure Active Directory side.
Since the users ending with patricio.uy are the only ones that are being synchronized, we looked for an existent filter rule that was causing that behaviour and as a matter of fact, we had a rule created for that purpose. The administrator changed the conditions of the filter to filter all users that had @patricio.uy as shown in the image below.
After that change the administrator can force a full replication using .\DirectorySyncClientcmd.exe initial from command prompt.
The results can be seen on the Azure Active Directory side, all users @patricio.uy were removed and the ones with @patricio.ca are being listed.
In this Tutorial, we went over the process to move a filter rule to change which users will be replicated to the Azure Active Directory.