Support-Info: (AADCONNECT): Provisioning with Non-AD Connector

APPLIES TO/TEST WITH:

  • Azure AD Connect v1.1.380.0

CONNECTOR

    • Non-AD Connectors
      • Generic LDAP
      • Generic SQL

     

    NOTE Please note that this would be considered a “Customized Azure AD Connect Solution”.  It is not an Out of the Box solution.

 

PROBLEM SCENARIO AND/OR GOAL

  • If you build an Azure AD Connect solution, but you do not want to utilize the Active Directory Connector for your provisioning, you need to ensure that you follow a few simple guidelines to get your objects to Azure.

REVIEW ITEMS

  1. Identify the Outbound Provisioning Sync Rules for the AAD Connector.  The following are the default Outbound Provisioning Sync Rules listed in the Sync Rule Editor.
    1. Out to AAD – User Join
    2. Out to AAD – Contact Join
    3. Out to AAD – Group Join
    4. Out to AAD – Device Join SOAInAD
  2. Determine which object type that you will be provisioning to Azure and then review the Sync Rule to understand the Scoping Filter, Join Rules  and Transformations that are needed for the object to successfully make it to O365.
NOTE Please note, the below attributes are from the Scoping Filter Tab.  There is a reason that these attributes are in the Scoping Filter for the Outbound Provisioning Sync Rule for the AAD Connector.  If you remove the flow for one of these attributes, you may encounter Export Errors when exporting to Azure (O365).

I would also recommend to get an understanding of the Join Rules and Transformation Rules to understand what is being flowed and what attributes are being used to join the Metaverse Object to the AAD Connector Space Object.

USER OBJECT REQUIRED ATTRIBUTES ACCORDING TO THE SCOPING FILTER

You need to ensure that these attributes are flowed from your non-AD Connector Space Object to the Metaverse Object.  The Scoping Filters are there to ensure that this data is flowed because it is required to create the object in Azure (O365).

If you remove the flow for one of these attributes, you may receive an Export error when exporting to Azure (O365).

 

 

CONTACT OBJECT REQUIRED ATTRIBUTES ACCORDING TO THE SCOPING FILTER

You need to ensure that these attributes are flowed from your non-AD Connector Space Object to the Metaverse Object.  The Scoping Filters are there to ensure that this data is flowed because it is required to create the object in Azure (O365).

If you remove the flow for one of these attributes, you may receive an Export error when exporting to Azure (O365).

 

 

GROUP OBJECT REQUIRED ATTRIBUTES ACCORDING TO THE SCOPING FILTER

You need to ensure that these attributes are flowed from your non-AD Connector Space Object to the Metaverse Object.  The Scoping Filters are there to ensure that this data is flowed because it is required to create the object in Azure (O365).

If you remove the flow for one of these attributes, you may receive an Export error when exporting to Azure (O365).

 

 

AZURE AD CONNECT DOCS

 

 

AZURE AD CONNECT EXAMPLE CUSTOM SYNC RULES

 

 

AZURE AD SYNC FILTERING