First Azure AD Sync created duplicate users

TRF-Azure 1 Reputation point
2022-09-16T21:13:07.03+00:00

Hi,
I just ran through Azure AD Sync for the first time. I thought I had read that it would prompt me to choose which OUs I wanted to sync, but I must have misread something and it synchronized without any input. I did not want it to sync my Retired Users OU, where I keep disabled accounts. I know now I can go into the rules and set a rule to not sync this OU.

I've also read that this process reads the ImmutableID to determine how to merge an on-prem and Azure account (we keep the 365 accounts active as shared mailboxes), but I think I'll just delete the additional users from Azure AD.

But this left me with a question. About five long-timers at this company have a different email address convention; firstname@mathieu.company.com rather than flastname@mathieu.company.com. As such these users were duplicated. I should have expected this and prepared. Is there any way this can be dealt with without inconveniencing the end user? I feel like the plan would be to change their main email address to flastname@mathieu.company.com and set their firstname@mathieu.company.com as a proxy address, but I think this will sign them out of all their Office 365 applications.

Tags: Microsoft Security, Microsoft Entra, Microsoft Entra ID

1 answer

  1. Akshay-MSFT 17,951 Reputation points Microsoft Employee Moderator
    2022-09-20T10:46:07.893+00:00

    Hello @TRF-Azure ,

    From the description above I could understand that you want to achieve the following:

    Goal: To have only the following users synced in Azure AD, with UPN as "LASTNAME@mathieu.company.com"

    Steps to Achieve the same:

    • Navigate to Azure Active Directory > Azure AD Connect > Manage Azure AD cloud Sync


    • Click on the Domain you want to configure:


    • Select Scope > Click to edit scoping filters > Selected organizational Units > Enter the distinguished name of the OU > Add > Done


    • Once you hit "Done", a warning banner will appear stating "Changes in scope may result in users being deleted". This means all users who were synced earlier and are not part of these OU(s) will be removed from Azure AD.


    • Once this configuration is saved, the users who are not in scope of OU will be removed from Azure AD and only OU members will be synced. This may take time based upon the directory size.
    • Changes can be viewed in the provisioning logs. The user "Cloud Sync2" has been deleted (soft delete) and the user "AAD Cloud Sync" has been updated in the system (as it was present earlier and is part of the OU as well).


    Do let me know if you have any queries in comment section. Ref doc used: https://learn.microsoft.com/en-us/azure/active-directory/cloud-sync/how-to-configure#scope-provisioning-to-specific-users-and-groups

    Thanks,
    Akshay Kaushik

    Please "Accept the answer" if the information helped you. This will help us and others in the community as well.

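The ImmutableID-based merge the question mentions, shown as an added example that is not part of the original thread and not Microsoft's code: a PowerShell dry run that stamps each long-timer's existing cloud account with the on-prem object's anchor (a "hard match"), so the next sync cycle joins the on-prem user to that account instead of creating a second one. Everything in it is an assumption: the ActiveDirectory and Microsoft.Graph.Users modules, a Graph session already opened with Connect-MgGraph, the tenant domain mathieu.company.com taken from the post, and the made-up account names in the hashtable.

```powershell
#Requires -Modules ActiveDirectory, Microsoft.Graph.Users
# Added example, not code from the original post or from Microsoft.
# Assumes: RSAT ActiveDirectory module, Microsoft.Graph.Users with a session opened via
# Connect-MgGraph -Scopes 'User.ReadWrite.All', and the sample identities below (made up).
# Every write runs with -WhatIf; remove it once the dry run shows the expected objects.

function Get-ImmutableIdFromGuid {
    param([Parameter(Mandatory)][guid] $ObjectGuid)
    # Azure AD Connect's default sourceAnchor (ImmutableID) is the base64 form of the 16 objectGUID bytes.
    return [Convert]::ToBase64String($ObjectGuid.ToByteArray())
}

# Constructed sample: on-prem sAMAccountName -> the legacy firstname@ address the cloud account uses.
$legacyAddresses = @{
    'jsmith' = 'john@mathieu.company.com'
    'adoe'   = 'alice@mathieu.company.com'
}

foreach ($sam in $legacyAddresses.Keys) {
    $legacy = $legacyAddresses[$sam]
    $adUser = Get-ADUser -Identity $sam -Properties objectGUID, proxyAddresses, UserPrincipalName
    $immutableId = Get-ImmutableIdFromGuid -ObjectGuid $adUser.ObjectGUID

    # The account that already owns the mailbox, licences and sign-in sessions is the one to keep.
    $cloudUser = Get-MgUser -Filter "mail eq '$legacy'" `
        -Property Id, UserPrincipalName, OnPremisesImmutableId, OnPremisesSyncEnabled

    if (-not $cloudUser) {
        Write-Warning "No cloud account with mail $legacy; nothing to match for $sam"
        continue
    }
    if ($cloudUser.OnPremisesSyncEnabled) {
        Write-Warning "$($cloudUser.UserPrincipalName) is already directory-synced; skipping"
        continue
    }

    # Two cloud objects cannot carry the same anchor. If the first sync already created a
    # duplicate for this on-prem user, that duplicate has to be deleted (and purged from
    # deleted users) before the anchor can be moved to the account we want to keep.
    $holder = Get-MgUser -Filter "onPremisesImmutableId eq '$immutableId'" -Property Id, UserPrincipalName
    if ($holder -and $holder.Id -ne $cloudUser.Id) {
        Write-Warning "Anchor $immutableId is already on $($holder.UserPrincipalName); remove that duplicate first"
        continue
    }

    # Keep the legacy address routable: add it as a secondary smtp: alias on the on-prem object.
    # The primary address is the uppercase SMTP: entry and is left untouched here.
    $alias = "smtp:$legacy"
    if ($adUser.proxyAddresses -notcontains $alias) {
        Set-ADUser -Identity $sam -Add @{ proxyAddresses = $alias } -WhatIf
    }

    # Stamp the anchor on the existing cloud account (hard match). On the next sync cycle the
    # engine joins the on-prem object to this account instead of adding a new one.
    Update-MgUser -UserId $cloudUser.Id -OnPremisesImmutableId $immutableId -WhatIf
    Write-Host "$sam ($($adUser.UserPrincipalName)) -> $($cloudUser.UserPrincipalName) via $immutableId"
}
```

Run it once with the -WhatIf switches in place and read the output before letting it write anything; then confirm on the next cycle (Synchronization Service Manager for Azure AD Connect, or the provisioning logs the answer points at for cloud sync) that each on-prem user shows up as a join or update of the existing account rather than an add. The OU scoping in the answer above is still needed separately to keep the Retired Users OU out of scope.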
