VA - ARS Sync Service

Hi Guys. 

I have set up ARS to Azure AD and, along with that, ARS Sync Service. I also have a VA, let's call it AzureSyncEnable, and it's of type Boolean.

In our on-prem AD, in an OU, we have all our user accounts for a local office. In that OU will be user accounts we do and do not want to sync up to Azure. We want to have control over what is synced. What I was thinking, and I am not sure if this is the correct way, was on the Connections for ARS in Sync Service, under scope where you select the OU to sync. There are conditions. Am I right in thinking that if I add the VA AzureSyncEnable and set it to TRUE, it will only sync objects with that set?

Or am I looking at this wrong and need to do it another way?

Thanks in advance.  

  • Maybe you wrote this out wrong but...

    Your Connection to your on-premises Active Roles / Active Directory would use the Sync Service One Identity Active Roles Connector as you stated - i.e. your "source".

    Your Connection to Azure / M365 with the client key and so forth would be using the Sync Service Azure AD Connector (this would be the "target" for your sync).

    The reason I asked about Azure AD Connect (i.e. the "native" Microsoft sync engine) is that most people use this to synchronize the contents of their on-premise environment to their M365 tenant.  When this is in place, it places some constraints around what you can update directly in your tenant using the Active Roles sync service.  If you don't have this in place, that's fine.  If you do and you don't know it, you will find out soon enough as the Sync Service will complain that it cannot update things in your M365 tenant.



  • Thanks mate. Yes, at the moment we do have the MS AD Connect syncing OUs. My plan was to have AR Sync Service do as much as possible and have native tools the bare minimum. What's the best way forward when the native tools were already in place?

  • There's no simple answer to that I am afraid.  You really need to do a holistic review of how you want to manage your environment.  I would suggest buying a few hours of time from a qualified Active Roles Integrator to brainstorm / architect this as a discussion in a Forum is not the best way to solution this.

    As a starting point, there is a white paper on the One Identity site here:

    https://support.oneidentity.com/download/downloads?id=6103160