For steps on how to trigger a password full sync, see Trigger a full sync of all passwords. If you use a build before November 2015 ( ), make a change to a filter configuration, and use password hash synchronization, then you need to trigger a full sync of all passwords after you've completed the configuration. If you delete many objects due to filtering (500 by default), you need to follow the steps in this article to allow the deletes to go through to Azure AD. To protect you from deleting many objects by accident, the feature " prevent accidental deletes" is on by default. After you've completed the configuration steps, we strongly recommend that you follow the verification steps before you export and make changes to Azure AD. Because of this change, any objects in Azure AD that were previously synchronized but were then filtered are deleted in Azure AD.īefore you start making changes to filtering, make sure that you disable the scheduled task so you don't accidentally export changes that you haven't yet verified to be correct.īecause filtering can remove many objects at the same time, you want to make sure that your new filters are correct before you start exporting any changes to Azure AD. If you start with a default configuration of directory synchronization and then configure filtering, the objects that are filtered out are no longer synchronized to Azure AD. In Azure AD Connect sync, you can enable filtering at any time. As a result, Microsoft can't provide technical support for such deployments. Any of these actions might result in an inconsistent or unsupported state of Azure AD Connect sync. Microsoft doesn't support modifying or operating Azure AD Connect sync outside of the actions that are formally documented. This article covers how to configure the different filtering methods. But in Azure AD, you only want active accounts to be present.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |