NEW! Azure AD Connect Rule Tool

NEW! Azure AD Connect Rule Tool

With our new – free! – Azure AD Connect Rule Tool there’s an easy and reliable way to view, understand and edit rules in Azure AD Connect.

Out-of-the-box, Azure AD Connect’s Synchronization Rules Editor has only a tiny window for editing, and doesn’t provide any syntax checking for sync rule expressions, so you can’t see what’s going on. We find that frustrating – and so have our students attending our Azure AD Connect Masterclass! So our technical geeks have developed a new Azure AD Connect Rule Tool – a free download!

Oxford Computer Training’s AADC Rule Tool enables you to:

  • See what you’re doing – a larger editing window shows easy-to-read code marked in colour
  • Understand the code – if you can see what you’re doing, you can follow the logic
  • Check syntax for sync rule expressions
  • Avoid common mistakes

Read more in this illustrated blog.

Installation is simple, and does not have to be on your Azure AD Connect server – expressions are simply copied from Azure AD Connect, edited, and then pasted back again.

Download the FREE Azure AD Connect Rule Tool now!

Important! See End User Licence Agreement. By downloading the Rule Tool you are agreeing to this.

How to use the Azure AD Connect Rule Tool

Getting started

Tabs The tool is spit into tabs, each giving you a separate page so that you can work on a number of rule expressions at once. The tabs and your expressions, will be remembered from session to session.

Demo expression When you start up the editor, you are presented with a typical expression, so that you can play around and get to know the editor.

Your expressions Simply click the New Expression tab to create a new tab for a new expression. You can then start typing, or copy (Ctrl A and Ctrl C) and paste (Ctrl V) an existing rule from the Azure AD Connect Synchronization Rules Editor. Obviously you can then copy and paste back your edited expression.

Managing tabs You can edit a tab name, or delete a tab – just right-click the tab’s name.


There are self-explanatory controls for copying the current rule, reformatting an expression, selecting possible solutions to issues, and getting this help. You can also right-click any error that has been recognised in your expression to get information and possible solutions.


The AADC Rule Tool helps you understand out-of-the-box rule expressions and create new ones.  Rule expression clarity is significantly improved using the tool’s inteli-sense editor making it easier to read and understand rules expressions. For example, copy the rule, put it into the tool and then the colour coding help you to see and understand the expression and makes it more legible.

For example, what would you rather work with? This…

IIF(IsPresent([isCriticalSystemObject]) || IsPresent([sAMAccountName]) = False || [sAMAccountName] = “SUPPORT_388945a0” || Left([mailNickname], 14) = “SystemMailbox{” || Left([sAMAccountName], 4) = “AAD_” || (Left([mailNickname], 4) = “CAS_” && (InStr([mailNickname], “}”) > 0)) || (Left([sAMAccountName], 4) = “CAS_” && (InStr([sAMAccountName], “}”) > 0))  || Left([sAMAccountName], 5) = “MSOL_”  || CBool(IIF(IsPresent([msExchRecipientTypeDetails]) ,BitAnd([msExchRecipientTypeDetails],&H21C07000) > 0 ,NULL)) || CBool(InStr(DNComponent(CRef([dn]),1),”\\0ACNF:”)>0), True, NULL)

…or this?

Syntax-checking features

As you enter new expressions, or edit existing ones, the Rule Tool highlights errors. You can right-click an error for suggested fixes.

Generally you can expect it to highlight the first error, at least. It will not highlight all errors, as the first error may leave many possibilities for what follows.

As it recognizes different types of valid element (like function and attribute names), it highlights them in different colours.

Remember: rule expressions are case-sensitive in every respect.


The Rule Tool keeps a list of functions. Valid functions (name is correct and syntax) look like this: IsPresent

Something that looks like a function but is not valid looks like this: IsPreset

It is possible that a variable you are typing looks like it might be a function, and vice-versa – until the tool has the full context, it does its best!


The Rule Tool keeps an incomplete list of available attributes – but you can add your own.

Remember: Non-existent attributes ARE allowed rule expressions (such attributes are treated as Null). So there is no formal check that an attribute really exists – it is merely checked against your list

Attributes are entered in square brackets, and validated ones are shown like this: [msExchRecipientTypeDetails]

One that can’t be validated are shown like this: [SomeAttribute]
(but this does not mean it is invalid, merely that it does not match one in the list kept by the tool).


The Rule Tool keeps a list of operators (+, -, >, Or, || etcetera).

Valid operators are shown like this: And

Invalid operators are hard to recognize (as they might not be an operator at all), but if it is not the right colour something is wrong!


Literals (or constants) include numbers (42), text (“Hello”), True, False, NULL, AuthoritativeNull etcetera. Valid literals are shown in different ways: “Yes”, 42, or NULL

Invalid literals are not usually recognized as such, but will flag up some kind of error.


Any in-balance in brackets is flagged up, as are any extraneous characters – like wrong.

Download your AADC Rule Tool now! It’s free forever, no catch!

Azure AD Connect Rule Tool download the free tool now!

Find out about other tools for your identity project!