Firstly apologies if this is posted to the wrong forum, this seemed to most logical place to post from the descriptions, as none showed ADConnect...
The background to the issue is as follows: We are using Office 365 suite with the online licensing feature, so our users need an office 365 account to validate and use office, for normal users this works fine, however are having issues with exam users.
The issue lies due to the exam specs requiring the accounts to be locked when they are not used, this means our exam's officer will use a script to enable that group of users.
So when an exam taker logs in, due to the adconnect sync not running (30 minute delay), the office application will not find a license as the account is still considered disabled on Azure AD, and is unusable
To fix this we then run a manual sync so that the AzureAD account is also enabled. Obviously this is not sustainable.
What i would like to do is use a sync rule to prevent the account control status information being synchronized from AD and also from Azure, but filtered on a group membership (in this case a global group g_examusers).
In essense we would like to see the AzureADAccount always being enabled, but we don't want writeback to enable the accounts locally (as we want the exams officer to control when students can log in to their exam accounts) so we need a rule each for both ways.
I have tried "binging" for information but cannot seem to find anything that helps in our scenario. Any assistance or pointers most welcome.
Many thanks
Kevin