Len Kally
asked on
AD Connector - Office 365
We are using Office 365 and us AD Connector to sync our on-premises Active Directory with O365.
We do NOT disable accounts, we just set the Logon Hours equal to NEVER.
What do I have to do in AD Connector to not sync users whose 'Logon Hours is set to NEVER.
I do not want to sync this option.
Thanks
We do NOT disable accounts, we just set the Logon Hours equal to NEVER.
What do I have to do in AD Connector to not sync users whose 'Logon Hours is set to NEVER.
I do not want to sync this option.
Thanks
ASKER
That is the problem there is no LogonHours attribute when I do a connector.
Where is it?
Where is it?
On the AD Connector, go to properties -> Select attributes. Make sure the "show all" checkbox is ticked and find the logonHours attribute. If the checkbox in front of it is not ticked, check it and save the changes.
ASKER
I found the logon hours, what would the value have to be so users who's logon hours are set as logon disabled under their name?
thanks
thanks
ASKER
We do not do disabled accounts, we set the LogonHours and then Logon Disabled
in AD these accounts are NOT disabled.
in AD these accounts are NOT disabled.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
On the Scope filter step, use the logonHours attribute instead of userAccountControl, and use the ISNOTNULL condition. Or use an actual proper filter that will check the value of logonHours (my example simply checks if the attribute exists).