deleting objects with azure sync

Riob 1 Reputation point
2022-07-14T22:51:50.697+00:00

When I delete a computer object in local AD, Azure AD Sync does not delete the object in Azure AD.

The object was synced prior to deletion.

Any thoughts?


2 answers

Sort by: Most helpful
  1. Limitless Technology 39,916 Reputation points
    2022-07-15T11:00:30.233+00:00

    Hello Riob,

    This is a known issue: as the object was previously synced but now no longer exists, Azure AD is unable to manage or delete it.

    Please see the next article for actions to resolve the issue: https://learn.microsoft.com/en-us/troubleshoot/azure/active-directory/cannot-manage-objects

    Reference:
    "You deleted an object from the on-premises AD DS. However, the object wasn't deleted from your cloud service organization. This behavior is unexpected"

    -----------------------------------------------------------------------------------------------------------------------

    --If the reply is helpful, please Upvote and Accept as answer--


  2. Sandeep G-MSFT 20,906 Reputation points Microsoft Employee Moderator
    2022-07-18T10:37:18.243+00:00

    @Riob

    Thank you for posting your question on Microsoft Q&A.

    Usually, when an object is synced from AD DS to Azure AD, a link gets created between the object in AD DS and the object in Azure AD. If an identity in Azure AD is a linked object, then any changes made in AD DS to that object will be carried to Azure AD.

    In your scenario, you are deleting a computer object from AD DS and the corresponding object in Azure AD is not getting deleted.
    This can happen only if the on-prem computer object doesn't have a corresponding identity in Azure AD which is still linked.

    You can first check if this object is present in the metaverse of Azure AD Connect. Perform a metaverse search using the steps below:
    • Open Synchronization Service Manager as an administrator.
    • Click on Metaverse Search at the top.
    • Set "Scope by Object Type" to "Device".
    • Create a filter "Display name contains <computer display name from AD DS>".
    • Check if you are seeing this device in the metaverse.

    If this device is not available in the metaverse, that means the computer object that you see in Azure AD is an orphan object.

    If you are experiencing the above, then you will have to use PowerShell commands to delete the object from Azure AD.
    You can use the command `Remove-MsolDevice -DeviceId` or `Remove-AzureADDevice -ObjectId`.

    To run the above commands, you need to install the MSOnline or AzureAD module respectively.

    If you are facing this issue with only a few computer objects, you can use the above commands to get the devices removed from Azure AD.

    Do let me know if you have any further questions on this.

    Please "Accept the answer" if the information helped you. This will help us and others in the community as well.
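The clean-up described in the answer above, as an added example that is not part of the original thread or of Microsoft's own tooling. It automates the second half of the procedure: instead of the manual Metaverse Search in Synchronization Service Manager, it treats a synced (trust type `ServerAd`) Azure AD device whose display name no longer matches any computer account in on-premises AD DS as an orphan, and removes it with `Remove-AzureADDevice -ObjectId`. It assumes the AzureAD and ActiveDirectory (RSAT) modules are installed, that you have already run `Connect-AzureAD` with an account allowed to delete devices, and that the device display name in Azure AD equals the computer `Name` in AD DS (the default for hybrid-joined devices; the function names, the `DeviceTrustType` filter and the name-matching rule are this example's assumptions, not something the answer states).

```powershell
# Added example, not from the original Q&A thread.
# Finds Azure AD device objects that were synced from on-premises AD DS
# (DeviceTrustType 'ServerAd') but no longer have a matching computer
# account in AD DS, then removes them. Dry-run first with -WhatIf.
#
# Assumptions (not stated in the thread):
#   - AzureAD and ActiveDirectory modules are installed
#   - Connect-AzureAD has already been run with sufficient rights
#   - the Azure AD DisplayName equals the AD DS computer Name
Import-Module AzureAD
Import-Module ActiveDirectory

function Find-OrphanedSyncedDevice {
    [CmdletBinding()]
    param(
        # Optional list of display names to check; default is every synced device
        [string[]] $DisplayName
    )

    # Only devices that originated on-premises are candidates; Azure AD joined
    # and Azure AD registered devices never had an AD DS counterpart.
    $synced = Get-AzureADDevice -All $true |
        Where-Object { $_.DeviceTrustType -eq 'ServerAd' }

    if ($DisplayName) {
        $synced = $synced | Where-Object { $DisplayName -contains $_.DisplayName }
    }

    foreach ($device in $synced) {
        # Escape single quotes so an odd computer name cannot break the LDAP filter
        $name = $device.DisplayName -replace "'", "''"
        $onPrem = Get-ADComputer -Filter "Name -eq '$name'" -ErrorAction SilentlyContinue

        if (-not $onPrem) {
            # Emit an object per orphan so the result can be reviewed or piped on
            [pscustomobject]@{
                DisplayName   = $device.DisplayName
                ObjectId      = $device.ObjectId
                DeviceId      = $device.DeviceId
                LastDirSync   = $device.ApproximateLastLogonTimeStamp
            }
        }
    }
}

function Remove-OrphanedSyncedDevice {
    # SupportsShouldProcess gives us -WhatIf and -Confirm for free
    [CmdletBinding(SupportsShouldProcess = $true, ConfirmImpact = 'High')]
    param(
        [Parameter(Mandatory, ValueFromPipeline)]
        [pscustomobject] $Device
    )
    process {
        $target = "$($Device.DisplayName) (ObjectId $($Device.ObjectId))"
        if ($PSCmdlet.ShouldProcess($target, 'Remove-AzureADDevice')) {
            Remove-AzureADDevice -ObjectId $Device.ObjectId
        }
    }
}

# 1. Review: export the candidate list before deleting anything
Find-OrphanedSyncedDevice | Export-Csv -Path .\orphaned-devices.csv -NoTypeInformation

# 2. Dry run: shows what would be removed, removes nothing
Find-OrphanedSyncedDevice | Remove-OrphanedSyncedDevice -WhatIf

# 3. Real run (prompts per device because ConfirmImpact is High);
#    add -Confirm:$false only after the CSV has been checked
# Find-OrphanedSyncedDevice | Remove-OrphanedSyncedDevice
```

Two caveats worth keeping in mind: a computer that was deliberately moved out of Azure AD Connect's sync scope (filtered OU) will also show up as "orphaned" by this name-matching rule even though it still exists in AD DS, so check the export against your filtering configuration before the real run; and a device that still exists on-premises but is missing from the metaverse is a sync-scope or filtering problem, not something to fix by deleting the cloud object.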

