Channel: Azure Active Directory forum

Filtering - writing users from AAD to AD

Hi there,

I have a number of scenarios which I am trying to wrap my head around. The primary one I'm grappling with at the moment is filtering objects coming IN from AAD.

We have multiple disconnected Active Directories, and one global Azure Active Directory. The Azure Active Directory contains ALL users within the organisation, where the disconnected AD environments only contain the users relevant to that site. Joining all the AD environments is not presently feasible.

Furthermore, some sites that fall under my control do not have AD and I'm making plans to implement it. I'm trying to determine if I can populate a fresh AD using the accounts from AAD. Initial tests show that this is possible (I've been able to sync down the entire AAD to a test AD); however, I would like to limit the scope of users that come in.

For example - India is a new site. I would like to install AD and sync the existing India users down from AAD to populate the AD environment, and continue to have two-way synchronisation between AD and AAD for those users.

For sites that already have AD and hence duplication of users (including my local office in AU), I would like to sync only our users from AAD with our existing AD.

After that long-winded description... I can't get my head around how the filtering works. I've followed some tutorials; however, they seem to be for filtering users going from AD to AAD, where I want to do the reverse and only allow a subset of the AAD directory to sync. I want to filter based on the 'country' attribute which is set for all users within AAD.

Could somebody assist me with the logic required to configure filters to achieve this?

