Installed the latest AADSync tool and discovered a number of things:
- It is different from the FIM Sync engine for setting attribute flow rules. There is no room for custom code; that was not available in the old DirSync tool either, but now all those screens have been removed.
- There is the AADSync Rules tool. I wonder if this isn’t the way the next FIM version will look. I do remember the Product team doing a presentation on upcoming changes, one of which was the elimination of your C#/VB coding and the introduction of VBA/Sync rule functions. Well, that’s what we have in this AADSync tool.
- The old DirSync tool came with some “filters”, such as the one where people put a “systemmailbox” filter on the mailnickname field to prevent some accounts from syncing to the cloud, especially those who do not have on-prem Exchange and can play around with such a critical Exchange field. Always a bad idea in my own opinion to play around with the mailnickname field. Anyway, that filter is not there in the latest AADSync, so you have to add a new Sync rule for it if you use it. I use an Extension Attribute for filtering sync and of course I had to add a new sync rule. There is a Microsoft article on how to do that.
- It does not sync the Target Address from the user object. I guess it’s a way for the Product team to enforce best practice, which is: if you have an external email address, create a contact object. Anyway, I had to add a new sync rule for the user object:
  - Start the Sync Rules Editor; it’s in Program Files\Microsoft Azure AD Sync\UIShell.
  - Enter a name for the rule: “TargetAddressInflowMV”.
  - Connected System: select your AD.
  - Connected System Object: User.
  - MV Object: Person.
  - Link Type: Join.
  - Precedence: I gave a low number (51) so it was close to the top of the Rules list.
  - Click Next through the Scoping and Join rules.
  - At Transformations, click “Add Transformation”. FlowType: Direct, Target Attribute: TargetAddress, Source: Target Address, Merge Type: Update. Click Add at the bottom.
  - And you have your sync rule to flow the TargetAddress into the MV and provision it to Azure.
Something to note: if you have already synced your accounts with a Target Address to the cloud before you set up this rule, you want to delete those accounts before you push a new copy to the cloud. Delete them from the O365 recycle bin as well. You can use the GUI or PowerShell. If you just delete the currently synced accounts, they go to the recycle bin, and if you do a push immediately after, the record in the recycle bin is reactivated, which is why you should delete it from the recycle bin as well. There is no user impact, because what you will find is that without this rule in place those accounts were never created in the Cloud Email Directory. They sync up to the AD placeholder in O365 but they do not go into the Email directory. You will see no sync errors in your AADSync, but you will not see these accounts in your Cloud Email Directory.
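The PowerShell route for that cleanup, as an added example that is not from the original post: it soft-deletes the previously synced accounts and then purges them from the O365 recycle bin so the next push creates fresh objects rather than restoring the old ones. It assumes the MSOnline module is installed, that you have already run Connect-MsolService as a tenant admin, and uses a constructed list of UPNs in place of your own.

```powershell
# Added example (not from the original post): purge previously synced accounts from
# the Office 365 recycle bin so the next AADSync push creates them fresh.
# Assumes the MSOnline module is installed and Connect-MsolService has already been run.

# Constructed sample list of UPNs whose cloud objects must be recreated.
$UpnsToPurge = @(
    'alice@contoso.example',
    'bob@contoso.example'
)

foreach ($upn in $UpnsToPurge) {
    # Only touch accounts that came from directory sync (ImmutableId is set by AADSync);
    # a cloud-only account would not be recreated by the next sync cycle.
    $live = Get-MsolUser -UserPrincipalName $upn -ErrorAction SilentlyContinue
    if ($live -and -not $live.ImmutableId) {
        Write-Warning "$upn is cloud-only, not a synced account; skipping."
        continue
    }

    if ($live) {
        # Soft delete: the object lands in the recycle bin.
        Remove-MsolUser -UserPrincipalName $upn -Force
    }

    # Hard delete from the recycle bin; otherwise the next sync cycle reactivates the
    # same object instead of creating a new one with the TargetAddress flow applied.
    $deleted = Get-MsolUser -ReturnDeletedUsers -UserPrincipalName $upn -ErrorAction SilentlyContinue
    if ($deleted) {
        Remove-MsolUser -ObjectId $deleted.ObjectId -RemoveFromRecycleBin -Force
        Write-Output "Purged $upn (ObjectId $($deleted.ObjectId)) from the recycle bin."
    } else {
        Write-Output "$upn was not found in the recycle bin."
    }
}

# Verify nothing with those UPNs is still sitting in the recycle bin before forcing a sync.
Get-MsolUser -ReturnDeletedUsers | Where-Object { $UpnsToPurge -contains $_.UserPrincipalName }
```

Run it only after the new sync rule is in place, and try it on a single test account first: the final Get-MsolUser should return nothing for the purged UPNs, and the following sync cycle should then show the accounts in the Cloud Email Directory with their Target Address.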