Merge pull request #197585 from RobdeJong/patch-148

v-regandowner · web-flow · commit f3958d2ac674 · 2022-05-09T17:37:36.000-04:00
Update how-to-connect-sync-configure-filtering.md
diff --git a/articles/active-directory/hybrid/how-to-connect-sync-configure-filtering.md b/articles/active-directory/hybrid/how-to-connect-sync-configure-filtering.md
@@ -20,7 +20,7 @@ ms.collection: M365-identity-device-management
 # Azure AD Connect sync: Configure filtering
 By using filtering, you can control which objects appear in Azure Active Directory (Azure AD) from your on-premises directory. The default configuration takes all objects in all domains in the configured forests. In general, this is the recommended configuration. Users using Microsoft 365 workloads, such as Exchange Online and Skype for Business, benefit from a complete Global Address List so they can send email and call everyone. With the default configuration, they would have the same experience that they would have with an on-premises implementation of Exchange or Lync.
 
-In some cases however, you're required make some changes to the default configuration. Here are some examples:
+In some cases however, you're required to make some changes to the default configuration. Here are some examples:
 
 * You run a pilot for Azure or Microsoft 365 and you only want a subset of users in Azure AD. In the small pilot, it's not important to have a complete Global Address List to demonstrate the functionality.
 * You have many service accounts and other nonpersonal accounts that you don't want in Azure AD.
@@ -81,118 +81,13 @@ You can use multiple filtering options at the same time. For example, you can us
 ## Domain-based filtering
 This section provides you with the steps to configure your domain filter. If you added or removed domains in your forest after you installed Azure AD Connect, you also have to update the filtering configuration.
 
-The preferred way to change domain-based filtering is by running the installation wizard and changing [domain and OU filtering](how-to-connect-install-custom.md#domain-and-ou-filtering). The installation wizard automates all the tasks that are documented in this topic.
+To change domain-based filtering, run the installation wizard: [domain and OU filtering](how-to-connect-install-custom.md#domain-and-ou-filtering). The installation wizard automates all the tasks that are documented in this topic.
 
-You should only follow these steps if you're unable to run the installation wizard for some reason.
 
-Domain-based filtering configuration consists of these steps:
-
-1. Select the domains that you want to include in the synchronization.
-2. For each added and removed domain, adjust the run profiles.
-3. [Apply and verify changes](#apply-and-verify-changes).
-
-### Select the domains to be synchronized
-There are two ways to select the domains to be synchronized:
-	- Using the Synchronization Service
-	- Using the Azure AD Connect wizard.
-
-
-#### Select the domains to be synchronized using the Synchronization Service
-To set the domain filter, do the following steps:
-
-1. Sign in to the server that is running Azure AD Connect sync by using an account that is a member of the **ADSyncAdmins** security group.
-2. Start **Synchronization Service** from the **Start** menu.
-3. Select **Connectors**, and in the **Connectors** list, select the Connector with the type **Active Directory Domain Services**. In **Actions**, select **Properties**.  
-   ![Connector properties](./media/how-to-connect-sync-configure-filtering/connectorproperties.png)  
-4. Click **Configure Directory Partitions**.
-5. In the **Select directory partitions** list, select and unselect domains as needed. Verify that only the partitions that you want to synchronize are selected.  
-   ![Screenshot that shows the directory partitions in the "Properties" window.](./media/how-to-connect-sync-configure-filtering/connectorpartitions.png)  
-   If you've changed your on-premises Active Directory infrastructure and added or removed domains from the forest, then click the **Refresh** button to get an updated list. When you refresh, you're asked for credentials. Provide any credentials with read access to Windows Server Active Directory. It doesn't have to be the user that is prepopulated in the dialog box.  
-   ![Refresh needed](./media/how-to-connect-sync-configure-filtering/refreshneeded.png)  
-6. When you're done, close the **Properties** dialog by clicking **OK**. If you removed domains from the forest, a message pop-up says that a domain was removed and that configuration will be cleaned up.
-7. Continue to adjust the run profiles.
-
-#### Select the domains to be synchronized using the Azure AD Connect wizard
-To set the domain filter, do the following steps:
-
-1.  Start the Azure AD Connect wizard
-2.  Click **Configure**.
-3.  Select **Customize Synchronization Options** and click **Next**.
-4.  Enter your Azure AD credentials
-5.  On the **Connected Directories** screen click **Next**.
-6.  On the **Domain and OU filtering page** click **Refresh**.  New domains will now appear and deleted domains will disappear.
-   ![Partitions](./media/how-to-connect-sync-configure-filtering/update2.png)  
-
-### Update the run profiles
-If you've updated your domain filter, you also need to update the run profiles.
-
-1. In the **Connectors** list, make sure that the Connector that you changed in the previous step is selected. In **Actions**, select **Configure Run Profiles**.  
-   ![Connector run profiles 1](./media/how-to-connect-sync-configure-filtering/connectorrunprofiles1.png)  
-2. Find and identify the following profiles:
-    * Full Import
-    * Full Synchronization
-    * Delta Import
-    * Delta Synchronization
-    * Export
-3. For each profile, adjust the **added** and **removed** domains.
-    1. For each of the five profiles, do the following steps for each **added** domain:
-        1. Select the run profile and click **New Step**.
-        2. On the **Configure Step** page, in the **Type** drop-down menu, select the step type with the same name as the profile that you're configuring. Then click **Next**.  
-        ![Connector run profiles 2](./media/how-to-connect-sync-configure-filtering/runprofilesnewstep1.png)  
-        3. On the **Connector Configuration** page, in the **Partition** drop-down menu, select the name of the domain that you've added to your domain filter.  
-        ![Connector run profiles 3](./media/how-to-connect-sync-configure-filtering/runprofilesnewstep2.png)  
-        4. To close the **Configure Run Profile** dialog, click **Finish**.
-    2. For each of the five profiles, do the following steps for each **removed** domain:
-        1. Select the run profile.
-        2. If the **Value** of the **Partition** attribute is a GUID, select the run step and click **Delete Step**.  
-        ![Connector run profiles 4](./media/how-to-connect-sync-configure-filtering/runprofilesdeletestep.png)  
-    3. Verify your change. Each domain that you want to synchronize should be listed as a step in each run profile.
-4. To close the **Configure Run Profiles** dialog, click **OK**.
-5.  To complete the configuration, you need to run a **Full import** and a **Delta sync**. Continue reading the section [Apply and verify changes](#apply-and-verify-changes).
 
 ## Organizational unit–based filtering
-The preferred way to change OU-based filtering is by running the installation wizard and changing [domain and OU filtering](how-to-connect-install-custom.md#domain-and-ou-filtering). The installation wizard automates all the tasks that are documented in this topic.
-
-You should only follow these steps if you're unable to run the installation wizard for some reason.
-
-To configure organizational unit–based filtering, do the following steps:
-
-1. Sign in to the server that is running Azure AD Connect sync by using an account that is a member of the **ADSyncAdmins** security group.
-2. Start **Synchronization Service** from the **Start** menu.
-3. Select **Connectors**, and in the **Connectors** list, select the Connector with the type **Active Directory Domain Services**. In **Actions**, select **Properties**.  
-   ![Connector properties](./media/how-to-connect-sync-configure-filtering/connectorproperties.png)  
-4. Click **Configure Directory Partitions**, select the domain that you want to configure, and then click **Containers**.
-5. When you're prompted, provide any credentials with read access to your on-premises Active Directory. It doesn't have to be the user that is prepopulated in the dialog box.
-6. In the **Select Containers** dialog box, clear the OUs that you don’t want to synchronize with the cloud directory, and then click **OK**.  
-   ![OUs in the Select Containers dialog box](./media/how-to-connect-sync-configure-filtering/ou.png)  
-   * The **Computers** container should be selected for your Windows 10 computers to be successfully synchronized to Azure AD. If your domain-joined computers are located in other OUs, make sure those are selected.
-   * The **ForeignSecurityPrincipals** container should be selected if you have multiple forests with trusts. This container allows cross-forest security group membership to be resolved.
-   * The **RegisteredDevices** OU should be selected if you enabled the device writeback feature. If you use another writeback feature, such as group writeback, make sure these locations are selected.
-   * Select any other OU where Users, iNetOrgPersons, Groups, Contacts, and Computers are located. In the picture, all these OUs are located in the ManagedObjects OU.
-   * If you use group-based filtering, then the OU where the group is located must be included.
-   * Note that you can configure whether new OUs that are added after the filtering configuration finishes are synchronized or not synchronized. See the next section for details.
-7. When you're done, close the **Properties** dialog by clicking **OK**.
-8. To complete the configuration, you need to run a **Full import** and a **Delta sync**. Continue reading the section [Apply and verify changes](#apply-and-verify-changes).
-
-### Synchronize new OUs
-New OUs that are created after filtering has been configured are synchronized by default. This state is indicated by a selected check box. You can also unselect some sub-OUs. To get this behavior, click the box until it becomes white with a blue check mark (its default state). Then unselect any sub-OUs that you don't want to synchronize.
-
-If all sub-OUs are synchronized, then the box is white with a blue check mark.  
-![OU with all boxes selected](./media/how-to-connect-sync-configure-filtering/ousyncnewall.png)
-
-If some sub-OUs have been unselected, then the box is gray with a white check mark.  
-![OU with some sub-OUs unselected](./media/how-to-connect-sync-configure-filtering/ousyncnew.png)
-
-With this configuration, a new OU that was created under ManagedObjects is synchronized.
-
-The Azure AD Connect installation wizard always creates this configuration.
-
-### Don't synchronize new OUs
-You can configure the sync engine to not synchronize new OUs after the filtering configuration has finished. This state is indicated in the UI by the box appearing solid gray with no check mark. To get this behavior, click the box until it becomes white with no check mark. Then select the sub-OUs that you want to synchronize.
-
-![OU with the root unselected](./media/how-to-connect-sync-configure-filtering/oudonotsyncnew.png)
+To change OU-based filtering, run the installation wizard: [domain and OU filtering](how-to-connect-install-custom.md#domain-and-ou-filtering). The installation wizard automates all the tasks that are documented in this topic.
 
-With this configuration, a new OU that was created under ManagedObjects isn't synchronized.
 
 ## Attribute-based filtering
 Make sure that you're using the November 2015 ([1.0.9125](reference-connect-version-history.md)) or later build for these steps to work.
