DirSync and excluding domains in a forest


  • My understanding is that DirSync is preconfigured to sync all users in an AD forest regardless of their UPN. So if we have users with a UPN suffix of "abc.com" and other users with a suffix of "abc.net" it will sync all of them even if we have only verified "abc.com" as a federated domain?

    If the answer is yes, is it supported or even possible to use the MIIS client to filter out entire domains in the forest from being synced? If all users in our forest were synced we would far surpass the 20,000 object limit of Office 365.

    Any help would be appreciated.

    29 กุมภาพันธ์ 2555 0:21


  • So, users with UPN's (and more specificially, primary SMTP addresses) in a domain that has not been verified in MOAC will be created as user@domain.microsoftonline.com (whatever your MODRD, or Default Routing Domain, was created as).

    Unfortunately, it is NOT supported to modify ILM/FIM.  It is not licensed for it and any modification is a breach of contract.  If you purchase ILM/FIM SKU's to perform this, you may do so, but the support teams will not support the environment.

    If you are worried about the object limit, simply submit a service request and it can be raised easily. 


    • เสนอเป็นคำตอบโดย Daniel Trautman 12 มีนาคม 2555 22:53
    • ทำเครื่องหมายเป็นคำตอบโดย tpullins 14 มีนาคม 2555 5:28
    12 มีนาคม 2555 22:53