The popularity of Windows Intune grows as more people want to use it for mobile device management. I have written a couple of blogs on the matter, but felt the need to write another blog, since I did a couple of proof of concepts for Windows Intune lately. When you want to use your Active Directory accounts in Intune you have the possibility to synchronize your users to Intune (actually Azure directory) and the tool to use is DirSync. If you follow the steps in the Intune portal you will do an installation of DirSync, however by default it will synchronize all the users in your AD to Intune. This might not be what you want, there usually is no real need to synchronize service accounts for instance. It is possible to do a selective synchronization and below I will walkthrough the steps on how to accomplish this.
In my lab I have already setup the server where DirSync is installed, but if you install DirSync through the Intune portal make sure that in the last step you uncheck the box to do a synchronization.
To change the configuration of the DirSync go to the following directory on the server where you have installed DirSync and start miisclient.exe
The following GUI appears
Next, click on Management Agents and select the Active Directory Connector (see screenshot below)
Double click on the Active Directory Connector and select Configure Directory Partitions
In this screen click on the button containers …
Fill in the credentials which you used during installation and click OK
Above I already unselected all containers except the one with my users that I want to synchronize. Click ok and you are done, the only thing to do next is to start a full sync and check your results.
Another thing I like to share is that with the current version of the DirSync tool you can synchronize passwords as well. When you install Dirsync you can enable password sync during installation. This was not possible in older versions of Dirsync (see screenshot below)
If you forgot to check the box you can still enable password sync by using miisclient.
As you can see in the screenshot above you can check password sync in the same location as where you configured the selective synchronization as written above.
This concludes this blog, happy configuring!