Deleting inactive users from Azure AD and On-premise AD

Sri Borra 5 Reputation points
2023-01-27T15:35:38.5633333+00:00

I have a question about managing groups and users. I have a couple of inactive users in my organization whose license has been revoked but their account still exists in my Azure environment.

Now my question is how I can delete these users in my Azure AD and also in my local on-premises AD at the same time with minimal manual effort.

Solutions I can think of:

  • To implement the Identity Governance rule and filter out all the inactive users for more than 90 days.
  • Try to match their SMTP and their UPN addresses.
  • Then delete the list of user accounts.

Problems I can think of:

  • My user accounts might have different display names in Azure AD and local AD.
  • There are duplicate user accounts for the same user, where one is a guest account that was created through their personal email and the other is a member account created through the organization's email. How do I merge or delete them?
  • How do I delete a user account in my cloud and on-premises environment at the same time?
  • Some users have their account on a contract basis, where they could be inactive for more than 90 days but might need their account later; how do I filter them out?
  • Finally, there are superior authorities in the org who might not log in for months together or have a different account; how do I recognize such accounts and manage my users without deleting them?
  • Is there a way to add my users to their respective groups in an automated way instead of manually assigning them?

Thank you in advance.

Any help would be appreciated.

Microsoft Entra ID

2 answers

  1. JimmySalian-2011 41,921 Reputation points
    2023-01-27T16:33:21.62+00:00

    Hi,

    If you are using the Hybrid model, you will have to delete the users in on-premises AD so that the deletion is synced to Azure AD; after you delete the on-premises users, they will be deleted in AAD and moved to deleted users (soft delete).

    Later you can filter the users that are left out and carry out analysis based on the UPN address or a unique attribute. This is also a kind of cleanup activity, and you should have an HR policy to disable users and move them out of sync scope in Azure AD Connect.

    Hope this helps.

    JS

    ==

    Please Accept the answer if the information helped you. This will help us and others in the community as well.

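The hybrid flow described in the answer above (act on the on-premises object, let Azure AD Connect sync the change, then reconcile what is left by UPN rather than by display name), written out as an added PowerShell example that is not from the question or the answers. It assumes the ActiveDirectory RSAT module and the Microsoft.Graph PowerShell SDK are installed, that the signed-in Graph account can read sign-in activity, and a hypothetical AD group named Cleanup-Exclusions that holds the contractor and executive accounts the question wants kept.

```powershell
# Added example (not from the question or answers): hybrid cleanup of inactive users.
# Assumes the ActiveDirectory RSAT module, the Microsoft.Graph SDK, and a hypothetical
# group "Cleanup-Exclusions" holding contractors/executives that must never be touched.
Import-Module ActiveDirectory
Connect-MgGraph -Scopes "User.Read.All","AuditLog.Read.All" | Out-Null

$InactiveDays   = 90
$ExclusionGroup = "Cleanup-Exclusions"   # hypothetical group name

# Exclusion-group members (contractors, executives) are skipped by UPN, never by display name.
$excluded = Get-ADGroupMember -Identity $ExclusionGroup -Recursive |
    Get-ADUser -Properties UserPrincipalName |
    Select-Object -ExpandProperty UserPrincipalName

# 1. On-premises AD: enabled accounts with no logon in the last $InactiveDays days.
$staleOnPrem = Search-ADAccount -UsersOnly -AccountInactive -TimeSpan ([TimeSpan]::FromDays($InactiveDays)) |
    Where-Object { $_.Enabled -and $_.UserPrincipalName -and ($excluded -notcontains $_.UserPrincipalName) }

# 2. Entra ID: match each candidate by UPN and confirm it is idle in the cloud too,
#    so a user who only works from cloud apps is not disabled by mistake.
$cutoff = (Get-Date).AddDays(-$InactiveDays)
$report = foreach ($u in $staleOnPrem) {
    $cloud = Get-MgUser -Filter "userPrincipalName eq '$($u.UserPrincipalName)'" `
                        -Property "id,userPrincipalName,signInActivity,onPremisesSyncEnabled" -ErrorAction SilentlyContinue
    $lastCloudSignIn = $cloud.SignInActivity.LastSignInDateTime
    [pscustomobject]@{
        SamAccountName  = $u.SamAccountName
        UPN             = $u.UserPrincipalName
        OnPremLastLogon = $u.LastLogonDate
        CloudLastSignIn = $lastCloudSignIn
        SyncedFromAD    = [bool]$cloud.OnPremisesSyncEnabled
        Candidate       = ($null -eq $lastCloudSignIn -or $lastCloudSignIn -lt $cutoff)
    }
}
$report | Sort-Object UPN | Format-Table -AutoSize

# 3. Disable first (reversible); the disable syncs to Entra ID through Azure AD Connect.
#    Drop -WhatIf only after reviewing the report. Deleting the on-prem object later
#    soft-deletes the synced cloud object, as the answer describes.
$report | Where-Object { $_.Candidate -and $_.SyncedFromAD } | ForEach-Object {
    Disable-ADAccount -Identity $_.SamAccountName -WhatIf
}

# 4. Cloud-only accounts (e.g. guests created from personal e-mail) are not synced, so
#    on-prem changes never reach them; list them for separate handling in Entra ID.
$cloudOnly = Get-MgUser -All -Property "userPrincipalName,userType,onPremisesSyncEnabled" |
    Where-Object { -not $_.OnPremisesSyncEnabled }
"Cloud-only accounts needing separate review: $($cloudOnly.Count)"
```

Disabling rather than deleting keeps the 90-day contractor and rarely-signing-in executive cases recoverable while still removing the access, and the exclusion group is where those accounts belong before the script is run without -WhatIf.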

  2. EnterpriseArchitect 4,761 Reputation points
    2023-06-26T04:27:21.71+00:00