In a real world scenario, a lot of companies have their policies that don’t pull everything from Active Directory and Sync with Sharepoint User Profile. For example, if you have a service account in your AD and you don’t want to sync with AD, some companies have certain employee types they don’t want imported, or we want to exclude disabled users from the synchronization.

To exclude certain users from syncing to SharePoint, we have to apply the connection filter in the MIM (ADMA). In our scenario, we want to exclude Temporary Employees (which employee type is equal to T and Disabled Users). Let's start.

  • Click Start Windows and click Synchronization Service.
  • Click on Management Agents in the ribbon and then double-click the ADMA.2016-04-02_19h22_42
  • On the Properties popup, under the Management Agent Designer, click on Select Attributes and in Select Attributes check the required attributes (Employee Type and UserAccessControl). Now click OK.2016-04-02_19h25_302016-04-02_19h26_03
  • This will close the ADMA agent. Now reopen the properties of it.
  • Select the Configure Connector Filter (1), select the User (2) and then click New (3).2016-04-02_19h26_27
  • On the Filter for User window, in the Data Source Attribute, click Employee Type (1). Then under Operator select Equals (2), under Value put the value T (3) and click Add Condition (4).
  • Repeat the same for the userAccountControl and click OK (5).2016-04-02_19h27_36
  • On the Properties page, you will see both exclusions added. Click OK.
  • Run Full Synchronization (Start-SharePointSync). Once it is completed successfully, you will see that all disabled users and all temporary employees are excluded.

You can apply a single filter or multiple filters as per your requirement.

See Also:

Please see other parts of this series.
  1. SharePoint 2016 User profile Service Step by Step: Installation of MIM 2016
  2. SharePoint 2016 User profile Service Step by Step: Configuration of MIM 2016
  3. MIM 2016 with SharePoint 2016 User Profile service: Import Custom Property from Active Directory
  4. SharePoint 2016 User profile Service and MIM: Apply the Connection Filter
  5. MIM with SharePoint Server 2016 User profile: Add more Active Directory Domain for Synchronization.

Additional Resources:

Please read these other posts about the MIM and User Profile Service.