Office365 to internal AD adconnect/adfs - where are users managed

  • Question

  • I have 200 users in Office 365. 100 of these users have accounts on our internal AD. I want to implement AD connect and ADFS but only for the 100 users already in the internal AD. I want the other 100 to solely remain in Office 365 as they have no need to have a presence on the internal AD.

    I seem to recall that once you implement AD connect and ADFS, the management of accounts has to be done only in the internal AD - can you be granular in setting which accounts participate in the AD connect / ADFS setup?


    Friday, September 16, 2016 6:30 PM

All replies

  • Hi, you can use the "Filtering" feature in AAD Connect.

    Check under Organizational-unit–based filtering:

    https://azure.microsoft.com/en-us/documentation/articles/active-directory-aadconnectsync-configure-filtering


    Regards

    Sakthis Kumar 
    - Microsoft Certified Professional 
    - Microsoft Certified Systems Engineer 

    Kindly click "Mark as Answer" on the post that helps you, this can be beneficial to other community members reading the thread.

    Saturday, September 17, 2016 8:01 AM
  • While it is true you can synchronize just a subset of your on-premises users, if you want to use ADFS, it means the domain of your user has to be set to: Federated.

    You cannot have Managed (cloud based only user) and Federated users in the same domain. They could be in the same directory, but they cannot have the same domain (hence not the same suffix for authentication).

    Why do you want to deploy ADFS for Office 365 in your case?


    Note: Posts are provided “AS IS” without warranty of any kind, either expressed or implied, including but not limited to the implied warranties of merchantability and/or fitness for a particular purpose.

    Saturday, September 17, 2016 11:42 PM
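
The domain constraint described in the last reply can be checked before any domain is switched to Federated. The following is an added example, not part of the original thread: it groups a user inventory by UPN suffix and reports cloud-only accounts that share a suffix with a domain planned for federation. The function name, the property names, the domain names and the sample users are all constructed for illustration.

```powershell
# Constructed sample inventory. In practice this would come from an export of
# the Office 365 user list; the property names are assumptions for this example.
$users = @(
    [pscustomobject]@{ UserPrincipalName = 'alice@corp.example';  OnPremAccount = $true  }
    [pscustomobject]@{ UserPrincipalName = 'bob@corp.example';    OnPremAccount = $true  }
    [pscustomobject]@{ UserPrincipalName = 'carol@CORP.example';  OnPremAccount = $false }
    [pscustomobject]@{ UserPrincipalName = 'dave@cloud.example';  OnPremAccount = $false }
)

function Get-FederationImpact {
    # Hypothetical helper: reports, per UPN suffix, whether federating that
    # domain would leave cloud-only users inside a federated domain.
    param(
        [Parameter(Mandatory)] [object[]] $Users,
        [Parameter(Mandatory)] [string[]] $DomainsToFederate
    )

    # Group on the lower-cased UPN suffix (the part after the last '@').
    $groups = $Users | Group-Object {
        ($_.UserPrincipalName -split '@')[-1].ToLowerInvariant()
    }

    foreach ($group in $groups) {
        $synced    = @($group.Group | Where-Object { $_.OnPremAccount })
        $cloudOnly = @($group.Group | Where-Object { -not $_.OnPremAccount })
        # -contains is case-insensitive, matching how domain names compare.
        $federated = $DomainsToFederate -contains $group.Name

        [pscustomobject]@{
            Domain          = $group.Name
            WillBeFederated = $federated
            SyncedUsers     = $synced.Count
            CloudOnlyUsers  = $cloudOnly.Count
            # A federated domain sends every sign-in for that suffix to AD FS,
            # so cloud-only users there have no on-premises account to sign in with.
            Conflict        = ($federated -and $cloudOnly.Count -gt 0)
            CloudOnlyInFederatedDomain =
                if ($federated) { $cloudOnly.UserPrincipalName -join ', ' } else { '' }
        }
    }
}

Get-FederationImpact -Users $users -DomainsToFederate 'corp.example' | Format-List
```

With the sample data, `corp.example` is reported with `Conflict = True` and lists `carol@CORP.example`, while `cloud.example` stays managed with no conflict.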