Synchronization of disabled and enabled on-premises Active Directory users with Microsoft Entra

FCH-M365 0 Reputation points
2024-06-20T13:08:14.9433333+00:00
Hi,

Currently, when I deactivate a user in the on-premises Active Directory, it remains activated in Microsoft Entra.

I want the user's status to be updated as soon as a change is made to the Active Directory.

I looked at the Synchronization Rules Editor but I don't know much about it.

Do you know a way to achieve this? 

THANKS

3 answers

  1. akinbade abiola 8,705 Reputation points
    2024-06-20T13:31:45.32+00:00

    Hello FCH-M365,

    Thanks for your question.

    Sync Cycles usually take 30 mins. If you have disabled a user on-premises and want it to sync to the cloud immediately, you will need to trigger a synchronization cycle.

    You can do this using:

    Start-ADSyncSyncCycle -PolicyType Delta
    

    The above will sync the changes in your environment. See: https://learn.microsoft.com/en-us/entra/identity/hybrid/connect/how-to-connect-sync-feature-scheduler

    Regards,

    Abiola

    You can mark it 'Accept Answer' and upvote if this helped.


  2. FCH-M365 0 Reputation points
    2024-06-20T13:56:33.8233333+00:00
    
    

    This doesn't work and the sync was already active with the service account.

    By using the "Synchronization Rules Editor", can this allow me to do synchronization just by taking into account the "ObjectGUID" attribute of an OU? Because I just want to deactivate the users. Meeting rooms and shared boxes are deactivated in Active Directory, but I want them to remain active in Azure AD.


  3. Neuvi Jiang 765 Reputation points Microsoft Vendor
    2024-06-21T08:10:38.88+00:00

    Hi FCH-M365,

    Thank you for posting in the Q&A Forums.

    First, confirm that the synchronization between Active Directory and Microsoft Entra (possibly referring to Azure Active Directory or other Microsoft cloud services) is set up correctly and is working.

    If you're using Azure AD Connect or another sync tool, check its configuration and sync status to make sure there are no errors or delays.

    In Azure AD Connect or other sync tools, there may be specific sync rules that may have affected the user's deactivated status.

    If you notice a delay in syncing, you can try manually triggering a sync to ensure that the changes take effect immediately.

    You can audit user account changes in Active Directory to ensure that the changes have been applied correctly.

    This can also help you determine if the changes were successfully synced to Microsoft Entra.

    Check Active Directory and Microsoft Entra's logs and events for details about synchronization and user state changes.

    Best regards

    NeuviJ

    ============================================

    If the Answer is helpful, please click "Accept Answer" and upvote it.
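
A check for the auditing step suggested in the answers, as an added example that is not part of any post above: it pairs each on-premises account with its Microsoft Entra counterpart and reports where the enabled state differs. It assumes the default source anchor (`OnPremisesImmutableId` is the Base64 form of `ObjectGUID`); the function names and the `-ExemptOu` parameter are hypothetical, and the sample objects are constructed.

```powershell
# Added example: flags synced users whose on-prem Enabled and cloud AccountEnabled differ.
function ConvertTo-ImmutableId {
    param([Parameter(Mandatory)][guid]$ObjectGuid)
    # Assumption: default source anchor, i.e. Base64 of the objectGUID bytes.
    [Convert]::ToBase64String($ObjectGuid.ToByteArray())
}

function Find-EnabledStateDrift {
    param(
        [Parameter(Mandatory)][object[]]$OnPremUser,  # needs ObjectGUID, Enabled, DistinguishedName
        [Parameter(Mandatory)][object[]]$CloudUser,   # needs OnPremisesImmutableId, AccountEnabled
        [string[]]$ExemptOu = @()                     # hypothetical: OUs allowed to differ (rooms, shared mailboxes)
    )
    # Base64 is case-sensitive, so the lookup table must compare keys ordinally.
    $byAnchor = [hashtable]::new([StringComparer]::Ordinal)
    foreach ($c in $CloudUser) {
        if ($c.OnPremisesImmutableId) { $byAnchor[$c.OnPremisesImmutableId] = $c }
    }
    foreach ($u in $OnPremUser) {
        $entraUser = $byAnchor[(ConvertTo-ImmutableId $u.ObjectGUID)]
        $exempt = [bool]($ExemptOu | Where-Object { $u.DistinguishedName -like "*,$_" })
        if (-not $entraUser) { $status = 'NotSynced' }
        elseif ($entraUser.AccountEnabled -eq $u.Enabled) { $status = 'InSync' }
        elseif ($exempt) { $status = 'ExemptDrift' }
        else { $status = 'Drift' }
        [pscustomobject]@{
            DistinguishedName = $u.DistinguishedName
            OnPremEnabled     = $u.Enabled
            CloudEnabled      = $entraUser.AccountEnabled
            Status            = $status
        }
    }
}

# Constructed sample data. Against a real tenant, pass the output of
#   Get-ADUser -Filter * -Properties ObjectGUID
#   Get-MgUser -All -Property OnPremisesImmutableId,AccountEnabled
$g1 = [guid]'11111111-1111-1111-1111-111111111111'
$g2 = [guid]'22222222-2222-2222-2222-222222222222'
$onPrem = @(
    [pscustomobject]@{ ObjectGUID = $g1; Enabled = $false; DistinguishedName = 'CN=Leaver,OU=Staff,DC=example,DC=test' }
    [pscustomobject]@{ ObjectGUID = $g2; Enabled = $false; DistinguishedName = 'CN=Room1,OU=Rooms,DC=example,DC=test' }
)
$entra = $onPrem | ForEach-Object {
    [pscustomobject]@{ OnPremisesImmutableId = ConvertTo-ImmutableId $_.ObjectGUID; AccountEnabled = $true }
}
Find-EnabledStateDrift -OnPremUser $onPrem -CloudUser $entra -ExemptOu 'OU=Rooms,DC=example,DC=test' |
    Format-Table -AutoSize
```

Run it after a delta sync cycle has completed; a `Drift` row for an account disabled on-premises means that account is still enabled in Microsoft Entra.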