DirSync and excluding domains in a forest

    Question

  • My understanding is that DirSync is preconfigured to sync all users in an AD forest regardless of their UPN. So if we have users with a UPN suffix of "abc.com" and other users with a suffix of "abc.net" it will sync all of them even if we have only verified "abc.com" as a federated domain?

    If the answer is yes, is it supported or even possible to use the MIIS client to filter out entire domains in the forest from being synced? If all users in our forest were synced we would far surpass the 20,000 object limit of Office 365.

    Any help would be appreciated.

    Wednesday, February 29, 2012 12:21 AM

Answers

  • So, users with UPNs (and more specifically, primary SMTP addresses) in a domain that has not been verified in MOAC will be created as user@domain.microsoftonline.com (whatever your MODRD, or Default Routing Domain, was created as).

    Unfortunately, it is NOT supported to modify ILM/FIM. It is not licensed for it and any modification is a breach of contract. If you purchase ILM/FIM SKUs to perform this, you may do so, but the support teams will not support the environment.

    If you are worried about the object limit, simply submit a service request and it can be raised easily. 


    www.insecurityinc.info

    • Proposed as answer by Daniel Trautman Monday, March 12, 2012 10:53 PM
    • Marked as answer by tpullins Wednesday, March 14, 2012 5:28 AM
    Monday, March 12, 2012 10:53 PM
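
Added example (not from the thread or from Microsoft): a PowerShell pre-sync check that tallies users per UPN suffix, shows the sign-in name an unverified suffix would receive according to the answer above, and compares the total with the 20,000-object limit from the question. The function name, the sample UPNs and the routing domain `abc.microsoftonline.com` are constructed, and the check assumes the UPN suffix alone decides the mapping.

```powershell
# Added example. Function name and sample values are constructed for illustration.
function Get-UpnSuffixReport {
    param(
        [Parameter(Mandatory)] [string[]] $UserPrincipalName,
        [Parameter(Mandatory)] [string[]] $VerifiedDomain,
        [Parameter(Mandatory)] [string]   $DefaultRoutingDomain,
        [int] $ObjectLimit = 20000   # limit quoted in the question
    )
    $rows = foreach ($upn in $UserPrincipalName) {
        $at = $upn.LastIndexOf('@')
        if ($at -lt 1 -or $at -eq $upn.Length - 1) {
            # No usable suffix: report it separately instead of guessing.
            [pscustomobject]@{ Suffix = '(malformed)'; Verified = $false; CloudLogin = $null }
            continue
        }
        $suffix   = $upn.Substring($at + 1).ToLowerInvariant()
        $verified = $VerifiedDomain -contains $suffix      # case-insensitive match
        # Per the answer: unverified suffixes land on the default routing domain.
        $domain   = if ($verified) { $suffix } else { $DefaultRoutingDomain }
        [pscustomobject]@{
            Suffix     = $suffix
            Verified   = $verified
            CloudLogin = '{0}@{1}' -f $upn.Substring(0, $at), $domain
        }
    }
    $bySuffix = $rows | Group-Object Suffix | ForEach-Object {
        [pscustomobject]@{
            Suffix   = $_.Name
            Users    = $_.Count
            Verified = $_.Group[0].Verified
            Example  = $_.Group[0].CloudLogin
        }
    }
    [pscustomobject]@{
        Total     = @($rows).Count
        OverLimit = @($rows).Count -gt $ObjectLimit
        BySuffix  = $bySuffix
    }
}

# Constructed sample input. In a live domain the list could come from
#   Get-ADUser -Filter * | Where-Object UserPrincipalName | ForEach-Object UserPrincipalName
$sample = 'alice@abc.com', 'bob@ABC.com', 'carol@abc.net', 'dave@abc.net', 'svc-legacy'
$report = Get-UpnSuffixReport -UserPrincipalName $sample -VerifiedDomain 'abc.com' `
    -DefaultRoutingDomain 'abc.microsoftonline.com'
$report.BySuffix | Format-Table -AutoSize
'Total {0}, over limit: {1}' -f $report.Total, $report.OverLimit
```

The total counts only the UPNs passed in, so groups and contacts that also sync have to be counted separately.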

All replies

  • Has anyone faced a similar issue?
    Friday, March 02, 2012 5:49 PM
  • One more bump and I'll go ahead and see for myself I suppose.
    Tuesday, March 06, 2012 8:23 PM