User object deleted from on-premises AD does not sync in Azure AD Connect

exar 0 Reputation points
2023-08-15T02:40:35.94+00:00

Azure AD Connect is installed on two on-premises DCs.

After performing the following operations, the deleted user object was not synchronized to Azure AD using Azure AD Connect.

(Azure AD Connect on DC1: Active, Azure AD Connect on DC2: Staging)

  1. Create a user object (user01). (DC1⇒DC2 replication)
  2. DC1 shutdown
  3. Azure AD Connect on DC2: Staging ⇒ Change Active
  4. Create a user object (user02).
  5. Execute Start-ADSyncSyncCycle.
  6. Delete user object (user01)
  7. Azure AD Connect on DC2: Active ⇒ Change Staging
  8. Start DC1
  9. DC2 shutdown
  10. Delete user object (user02)
  11. Execute Start-ADSyncSyncCycle.
  12. I have verified that the user object (user02) has not been deleted from the Azure AD Portal.
  13. Start DC2
  14. I have verified that the user object (user02) has not been deleted from the Azure AD Portal.

• What could be the reason why the user object was not deleted?

• Is Azure AD Connect synchronizing after reading DC object information when executing synchronization?

• What does the differential (delta) synchronization of Azure AD Connect judge to be a difference?


1 answer

  1. Marilee Turscak-MSFT 37,206 Reputation points Microsoft Employee Moderator
    2023-08-15T21:55:20.41+00:00

    Hi @exar ,

    I understand that you have deleted a user from on-premises, but that user is not getting deleted in Azure.

    There are a few potential factors that could cause this to happen.

    • There could be some dependency preventing the user from getting deleted. Please remove all licenses from the user and then manually remove the user using Remove-AzureADUser -ObjectId "******@mydomain.com"

    https://learn.microsoft.com/en-us/powershell/module/azuread/remove-azureaduser?view=azureadps-2.0

    • It's possible that there is a filter applied to the object that is preventing the changes from being synchronized. If this is the case, you can verify this by checking the filtering configuration. https://learn.microsoft.com/en-us/azure/active-directory/hybrid/how-to-connect-sync-configure-filtering#filtering-options
    • There could be an issue with the synchronization operation itself. You can check the Operations tab in the Synchronization Service Manager of Azure AD Connect for more troubleshooting details. This tab will show the results from the most recent operations and any sync errors related to the user02 object.

    The operation may also take up to 30 minutes to complete. If 30 minutes have passed and the changes are still not reflected, you can review the Health Monitoring Agent to ensure that there aren't any issues with the process.

    https://learn.microsoft.com/en-us/azure/active-directory/hybrid/connect/plan-connect-performance-factors

    Let me know if this helps and if you have further questions. If you try all of these steps and still face the issue, feel free to send me an email at AzCommunity@microsoft.com ("Attn: Marilee Turscak") and include your subscription ID and a link to this thread, and I can open a one-time free support case to investigate further.

    If the information helped you, please Accept the answer. This will help us as well as others in the community who may be researching similar information.
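As an added diagnostic for the active/staging failover described in the question (not code from this thread or from Microsoft), the script below checks on the now-active Azure AD Connect server whether it is still in staging mode, whether the delete has replicated to each DC, and whether its own AD connector space ever held the object, since a delta cycle only processes changes since that server's last import. The DC names, the user DN, the connector-name convention and the ConnectedMVObjectId output property are assumptions.

```powershell
# Added diagnostic for the failover scenario in this thread; not code from the
# thread or from Microsoft. Run on the Azure AD Connect server that is now active.
# Assumes the ADSync and ActiveDirectory modules are installed there and that
# the Azure AD connector's name ends in " - AAD" (default naming).
param(
    [string]   $SamAccountName    = 'user02',
    [string]   $UserDN            = 'CN=user02,OU=Users,DC=contoso,DC=local',  # placeholder
    [string[]] $DomainControllers = @('DC1', 'DC2'),                            # placeholder
    [switch]   $RunInitial                                                      # opt in to a full cycle
)
Import-Module ADSync
Import-Module ActiveDirectory

# 1. A staging-mode server imports and syncs but never exports, so a delete seen
#    only by a staging server never reaches Azure AD.
$sched = Get-ADSyncScheduler
Write-Output "This server: StagingModeEnabled=$($sched.StagingModeEnabled) SyncCycleEnabled=$($sched.SyncCycleEnabled)"

# 2. The AD connector reads from one DC per cycle. A DC that was offline during
#    the delete still holds the live object until replication catches up, so ask
#    each DC what it believes about the account (tombstones keep sAMAccountName).
foreach ($dc in $DomainControllers) {
    try {
        $obj = Get-ADObject -Server $dc -IncludeDeletedObjects `
                   -Filter "sAMAccountName -eq '$SamAccountName'" `
                   -Properties isDeleted, whenChanged
        if ($null -eq $obj) { Write-Output "$dc : no object or tombstone for $SamAccountName" }
        else { Write-Output "$dc : isDeleted=$([bool]$obj.isDeleted) whenChanged=$($obj.whenChanged)" }
    } catch { Write-Output "$dc : unreachable ($($_.Exception.Message))" }
}

# 3. user02 was created and first imported while the other server was active, so
#    this server's connector space may never have held it; a tombstone for an
#    object this server never imported produces no delete to export.
$adConnector = Get-ADSyncConnector | Where-Object { $_.Name -notlike '* - AAD' } | Select-Object -First 1
try {
    $cs = Get-ADSyncCSObject -ConnectorName $adConnector.Name -DistinguishedName $UserDN
    Write-Output "Connector space: object present, ConnectedMVObjectId=$($cs.ConnectedMVObjectId)"
} catch {
    Write-Output "Connector space: no object for $UserDN on this server"
    Write-Output "A full import and full sync (Start-ADSyncSyncCycle -PolicyType Initial) is the usual step after a staging/active switch"
}

# 4. Only when asked: run a full cycle so both connector spaces are re-read from
#    scratch rather than from this server's delta watermark.
if ($RunInitial) { Start-ADSyncSyncCycle -PolicyType Initial }
```

If the object still remains in Azure AD with no on-premises match after a full cycle, removing it there as the answer describes is the remaining option.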
