Skip to main content

Scoped synchronisation from Azure AD to your Azure AD DS managed domain

Published date: 17 October, 2018

When you enable a new Azure Active Directory Domain Services (AD DS) managed domain, by default, all users and groups within the directory are synchronised into your managed domain. Many customers gave us feedback that this caused sync to take a long time and ended up causing many unnecessary users/groups to be synchronised into the managed domain. Often, customers only want those users who expect to work with apps secured by Azure AD DS to be synchronised into the managed domain.


You can now choose which sets of user accounts should be synchronised into a managed domain. You do this by selecting groups in Azure Active Directory whose members should be synchronised to the managed domain. The current experience is PowerShell-based.


For more information, see the documentation.

  • Microsoft Entra Domain Services
  • Features