Synchronization of disabled and enabled on-premises Active Directory users with Microsoft Entra

FCH-M365 0 Reputation points
2024-06-20T13:08:14.9433333+00:00
Hi,

Currently, when I deactivate a user in the on-premises Active Directory, it remains activated in Microsoft Entra.

I want the user's status to be updated as soon as a change is made to the Active Directory.

I looked at the Synchronization Rules Editor but I don't know much about it.

Do you know a way to achieve this? 

THANKS
Windows for business | Windows Client for IT Pros | Directory services | Active Directory
Windows for business | Windows Server | User experience | PowerShell
Microsoft Security | Microsoft Entra | Microsoft Entra ID

3 answers

  1. Abiola Akinbade 29,490 Reputation points Volunteer Moderator
    2024-06-20T13:31:45.32+00:00

    Hello FCH-M365,

    Thanks for your question.

    Sync Cycles usually take 30 mins. If you have disabled a user on-premises and want it to sync to the cloud immediately, you will need to trigger a synchronization cycle.

    You can do this using:

    Start-ADSyncSyncCycle -PolicyType Delta
    

    The above will sync the changes in your environment. See: https://learn.microsoft.com/en-us/entra/identity/hybrid/connect/how-to-connect-sync-feature-scheduler

    Regards,

    Abiola

    You can mark it 'Accept Answer' and upvote if this helped.


  2. FCH-M365 0 Reputation points
    2024-06-20T13:56:33.8233333+00:00
    
    

    This doesn't work and the sync was already active with the service account.

    By using the "Synchronization Rules Editor", can I do the synchronization just by taking into account the "ObjectGUID" attribute of an OU? Because I just want to deactivate the users. Meeting rooms and shared boxes are deactivated in Active Directory, but I want them to remain active in Azure AD.


  3. Neuvi Jiang 1,540 Reputation points Microsoft External Staff
    2024-06-21T08:10:38.88+00:00

    Hi FCH-M365,

    Thank you for posting in the Q&A Forums.

    First, confirm that the synchronization between Active Directory and Microsoft Entra (possibly referring to Azure Active Directory or other Microsoft cloud services) is set up correctly and is working.

    If you're using Azure AD Connect or another sync tool, check its configuration and sync status to make sure there are no errors or delays.

    In Azure AD Connect or other sync tools, there may be specific sync rules that may have affected the user's deactivated status.

    If you notice a delay in syncing, you can try manually triggering a sync to ensure that the changes take effect immediately.

    You can audit user account changes in Active Directory to ensure that the changes have been applied correctly.

    This can also help you determine if the changes were successfully synced to Microsoft Entra.

    Check Active Directory and Microsoft Entra's logs and events for details about synchronization and user state changes.

    Best regards

    NeuviJ

    ============================================

    If the Answer is helpful, please click "Accept Answer" and upvote it.
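
The checks suggested in the answers above (scheduler status, a manual delta cycle, then confirming the change reached the cloud), combined into one script as an added example that is not part of any answer in this thread. It assumes it runs in an elevated session on the Azure AD Connect (Microsoft Entra Connect) server with the ADSync, ActiveDirectory and Microsoft.Graph.Users modules available, that the cloud UPN matches the on-premises UPN, and `jdoe` is a hypothetical placeholder account.

```powershell
param(
    [string]$SamAccountName = 'jdoe'   # hypothetical placeholder, replace with the disabled account
)

Import-Module ADSync, ActiveDirectory

# 1. On-premises state: confirm the account is really disabled and when it last changed.
$adUser = Get-ADUser -Identity $SamAccountName -Properties Enabled, whenChanged, UserPrincipalName
'On-prem : {0}  Enabled={1}  whenChanged={2}' -f $adUser.UserPrincipalName, $adUser.Enabled, $adUser.whenChanged

# 2. Scheduler state: a staging-mode server does not export, and a disabled
#    scheduler does not run automatic cycles.
$sched = Get-ADSyncScheduler
'Scheduler: interval={0}  next={1}' -f $sched.CurrentlyEffectiveSyncCycleInterval, $sched.NextSyncCyclePolicyType
if ($sched.StagingModeEnabled) {
    Write-Warning 'Staging mode is enabled: this server does not export changes to Microsoft Entra ID.'
}
if (-not $sched.SyncCycleEnabled) {
    Write-Warning 'SyncCycleEnabled is False: automatic sync cycles are not running.'
}

# 3. Wait for any cycle already running, request a delta cycle, then wait for it to finish.
while ((Get-ADSyncScheduler).SyncCycleInProgress) { Start-Sleep -Seconds 10 }
Start-ADSyncSyncCycle -PolicyType Delta | Out-Null
Start-Sleep -Seconds 5   # give the scheduler a moment to pick up the request
while ((Get-ADSyncScheduler).SyncCycleInProgress) { Start-Sleep -Seconds 10 }

# 4. Cloud state: read accountEnabled and the last sync time for the same user.
Connect-MgGraph -Scopes 'User.Read.All' | Out-Null
$mgUser = Get-MgUser -UserId $adUser.UserPrincipalName `
    -Property 'userPrincipalName,accountEnabled,onPremisesLastSyncDateTime'
'Entra   : {0}  AccountEnabled={1}  lastSync={2}' -f $mgUser.UserPrincipalName, $mgUser.AccountEnabled, $mgUser.OnPremisesLastSyncDateTime

# 5. Compare both sides. A mismatch after a completed cycle points at scoping,
#    a custom sync rule, or an export error rather than at scheduler timing.
if ($adUser.Enabled -ne $mgUser.AccountEnabled) {
    Write-Warning ('Mismatch: on-prem Enabled={0} but Entra AccountEnabled={1}.' -f $adUser.Enabled, $mgUser.AccountEnabled)
} else {
    'Account state matches on both sides.'
}
```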

