How to filter objects being synchronized with Microsoft Azure Active Directory

Share this:

By default the AADSync (well the same applies to DirSync) will synchronized your entire Active Directory with Microsoft Azure Active Directory and in most of the cases that is not the ideal scenario. There are a lot of ways to filter what can be synchronized from on-premises to the Cloud and this Tutorial is going to focused on the Organization Unit filtering capabilities.


In this Tutorial we have a simple Active Directory Domain with a couple of accounts and Exchange Server being synchronized with Azure Active Directory, and after the first successful synchronization we can see that we tons of accounts that shouldn’t be there.


The first step to start filtering is opening the Azure Active Directory Sync Services which can be found on C:Program FilesMicrosoft Azure AD SyncUIShell and the utility name is miisclient.exe. The splash welcome screen will be similar to the figure below.


Let’s click on Connectors, and then right-click on the connector that has the FQDN of your on-premises domain, and click on Properties.


In the new page, click on Configure Directory Partitions, and then click on Containers…


A new credentials page will be displayed, type in the AD credentials, and click OK.


That was the default settings that we have in our environment which is generating all those system accounts in the Microsoft Azure Active Directory.


If you use your Organization Units to place users, then make sure that only OUs that have users to be synchronized (you can always go back and add/remove OUs). In our example here, we have users only on the Quebec OU. Click OK twice.


Now, it’s time to force a full synchronization, we show the process how to do that with AADSync in this Tutorial:

After performing a full synchronization, we can check the Azure Active Directory and all our users are the valid ones and they fit in less than a page (well I have only a couple of users in my environment).



In this Tutorial we went through the process to filter the synchronization with Azure Active Directory using Organization Units in the AADSync Tool.

Written by Anderson Patricio

Anderson Patricio

Anderson Patricio is a Canadian MVP in Cloud and Datacenter Management, and Office Server and Services, besides the Microsoft Award he also holds a Solutions Master (MCSM) in Exchange and several other certifications. Anderson has been contributing to the Microsoft Community with articles, tutorials, blog posts, twitter, forums and book reviews. He is a regular contributor here at,, and Anderson (Portuguese).

Related Post

AAD Sync– Creating filter rules using object... Using Microsoft Azure Active Directory Sync tool to filter out objects using the SyncRulesEditor tool. During the installation of the tool the adminis...
How to force the Synchronization using AADSync How to force the synchronization using AADSync. When using DirSync tool there is a PowerShell cmdlet to perform such task, however using the AADSync t...
Azure AD Connect–Forcing synchronization usi... If you are using Azure AD Connect and want to force a synchronization using PowerShell, stick around and we are going over the process.  Solutio...
Managing Synchronization with AAD Connect Using AAD Connect synchronization settings to validate, trigger synchronization and check the status. Solution For those administrators that a...