So I had the chance to check this today. If you do OU filtering in the DirSync tools you will get an OU structure with various grey boxes in it. Here is an example:
It appears that both 
and 
are options in the sync tool. You get the first (grey with a tick ) if you select that box and untick some child objects. You get the second (grey box, no tick) if you unselect the parent and then individually select child OU’s.
If you do the second option (and get 
)and then add a new OU under the parent it is not selected in the sync engine by default. Unfortunatly you cannot do this for the root of the domain during initial setup of AADConnect, as you need to select the domain in the provisioning wizard before unselecting OU’s). You can later go into the sync tool and change the domain to default unselected (
) by unselecting everything and then just selecting the OU’s you need. In this way you can be sure that later OU’s are not auto selected for syncing.
Leave a Reply