Custom Sync filter verbiage for Azure AD Sync custom rule

  • 114 Views
  • Last Post 28 July 2017
BrianB posted this 28 July 2017

All:   I am hoping for some help on writing a custom expression sync rule. I have been unsuccessful in my attempts as the filter language is written in VBA and I do not know that language.

  I am writing a custom scoped filter for the proxyAddresses attribute.

  1.       Filter out any smtp/SMTP:name@xxxxxxxxxxxxxxxx value but WILL sync all other values in the attribute.

2.       If the unwanted suffix is the primary SMTP, then I need to transform smtp:name@xxxxxxxxxxxxxxxx to [ALL_CAPS]SMTP:name:wanttosnc.com.   I am using extensionAttribute15 with a custom value that I am scoping the filter with, such that it will only apply to user objects that have this specific value in the attribute.

  Background: We are going through a divesture and are moving a validated domain from our O365 tenant to another for the other half of the org. We are still sharing an AD forest for the time being and user objects who belong to the new tenant have their email suffix of their primary SMTP: set to the new suffix and an alias set to the old tenant while they transition. All mailboxes are still on-prem for both sides of the org. We are using EOP and ATP through our O365 tenant. The new suffix was a validated domain at one time. Since subscribing to the new tenant we deleted that domain from our tenant using guidance from Microsoft consulting.

  Proper MX records are set for both tenants so that email destined to the respective suffix goes through the proper tenant to the on-prem mailbox in the shared Ad forest and shared Exchange. Transition efforts are underway but will take some time, so we live in this reality for the time being.        Brian Britt  

Order By: Standard | Newest | Votes
gduke posted this 28 July 2017

Would it be easier to set the desired address values themselves using one of the

ExtensionCustomAttributeN multivalued attributes, and use that both for scoping and as the data source to sync to the proxyAddresses attribute in Azure AD?

 

—Geoff



Geoffrey Duke

802.656.1172 |

Sr Systems Administrator
|

Enterprise Technology Services
|

University of Vermont


 

 

show

BrianB posted this 28 July 2017

That was also presented as an option but would require manual (scripted) population as a one-off. I am not an Exchange admin but if the Exchange guys can populate that attribute with the desired proxyAddresses

as part of the their workflow then I can do a custom attribute flow.

 

Truth be told, I was unaware of the Multi-valued attributes you mentioned until just now. All of the other extensionattributes were single valued and we would have had to do a many to one attribute flow. In some

cases we have people who have up to 8 different alias due to the different divisions within our org with their own vanity domain.



 

I can test this out but would still appreciate any help with m original request in case this does not satisfy my executives or the exchange staff.



 

Thank you for that information.



 

Brian Britt

 

show

Close