On-Premises Directory Synchronization Service Account

Question

On-Premises Directory Synchronization Service Account

Mohsen SHANIVAR 1

Hello,

I have successfully connected my on-premises server to Azure using Azure AD Connect, and everything is working as expected.

However, I’ve noticed that the On-Premises Directory Synchronization Service Account is being created in all three tenants associated with my Azure portal. This is unexpected, as only one tenant is intended for synchronization. The other tenants belong to clients, and I would prefer not to have this account appear there.

Could someone please explain why this is happening and how I can prevent the service account from being automatically created in all tenants?

Thank you in advance for your help!

T. Kujala 8,766 Reputation points

2022-03-17T12:52:37.237+00:00

Hi @Mohsen SHANIVAR ,

Do you mean that the service account has been synced from On-Premises Directory to the cloud?
Mohsen SHANIVAR 1 Reputation point

2022-03-17T13:02:31.437+00:00

I mean exactly On-Premises Directory Synchronization Service Account ******@...........onmicrosoft.com is created to all three tenants "Azure directories".
How can I do to avoid creating to all tenants except in a tenant which I connected to On-premises.
JamesTran-MSFT 36,911 Reputation points Microsoft Employee Moderator

2022-03-22T21:40:23.17+00:00
MohsenSHANIVAR
Thank you for your post!

I understand you have this Service Account in all 3 of your tenants, but is this account being created in tenant's where Azure AD Connect isn't sync'ing users to?

Does this happen to any other tenant outside of these 3 (if you have more than 3 tenants)?

Since these Service Accounts are created by Azure AD Connect, is there a reason you want to remove/delete them?

If you have any other questions, please let me know.
Thank you for your time and patience throughout this issue.

1 answer

Your answer

T. Kujala 8,766 Reputation points

2022-03-17T12:52:37.237+00:00

Hi @Mohsen SHANIVAR ,

Do you mean that the service account has been synced from On-Premises Directory to the cloud?
Mohsen SHANIVAR 1 Reputation point

2022-03-17T13:02:31.437+00:00

I mean exactly On-Premises Directory Synchronization Service Account ******@...........onmicrosoft.com is created to all three tenants "Azure directories".
How can I do to avoid creating to all tenants except in a tenant which I connected to On-premises.
JamesTran-MSFT 36,911 Reputation points Microsoft Employee Moderator

2022-03-22T21:40:23.17+00:00

MohsenSHANIVAR
Thank you for your post!

I understand you have this Service Account in all 3 of your tenants, but is this account being created in tenant's where Azure AD Connect isn't sync'ing users to?

Does this happen to any other tenant outside of these 3 (if you have more than 3 tenants)?

Since these Service Accounts are created by Azure AD Connect, is there a reason you want to remove/delete them?

If you have any other questions, please let me know.
Thank you for your time and patience throughout this issue.

Answer 1

T. Kujala 8,766

@Mohsen SHANIVAR ,

I understand.

Have you tried to simply delete this account?

Mohsen SHANIVAR 1 Reputation point

2022-03-18T07:45:21.39+00:00

Yes Actually I'm able to delete the user but I don't want to do like this, just I want to do it in correct way to avoid creating in all tenants when I config Azure AD connect.

Share via

On-Premises Directory Synchronization Service Account

1 answer

Your answer