Link to home
Start Free TrialLog in
Avatar of Len Kally
Len KallyFlag for United States of America

asked on

AD Connector - Office 365

We are using Office 365 and us AD Connector to sync our on-premises Active Directory with O365.

We do NOT disable accounts, we just set the Logon Hours equal to NEVER.

What do I have to do in AD Connector to not sync users whose 'Logon Hours is set to NEVER.
I do not want to sync this option.

Avatar of Vasil Michev (MVP)
Vasil Michev (MVP)
Flag of Bulgaria image

Check the guide I have here:

On the Scope filter step, use the logonHours attribute instead of userAccountControl, and use the ISNOTNULL condition. Or use an actual proper filter that will check the value of logonHours (my example simply checks if the attribute exists).
Avatar of Len Kally


That is the problem there is no LogonHours attribute when I do a connector.
Where is it?
On the AD Connector, go to properties -> Select attributes. Make sure the "show all" checkbox is ticked and find the logonHours attribute. If the checkbox in front of it is not ticked, check it and save the changes.
I found the logon hours, what would the value have to be so users who's logon hours are set as logon disabled under their name?

We do not do disabled accounts, we set the LogonHours and then Logon Disabled

in AD these accounts are NOT disabled.
Avatar of Vasil Michev (MVP)
Vasil Michev (MVP)
Flag of Bulgaria image

Link to home
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial