Do the attributes contributed by Azure AD Connect Provisioning Agent retain their values when disconnected?

Michael Liben 106 Reputation points

When a user object goes out of scope from the Azure AD Provisioning Service and subsequently the Azure AD Connect Provisioning Agent, are the values contributed from the HR source retained in the Azure AD object or are they deleted? This question assumes we configured our agent to 'Skip deletion of user accounts that go out of scope in Azure Active Directory.'

Azure Active Directory

Accepted answer
  1. JimmySalian-2011 29,726 Reputation points


    Thank you for asking this question on the Microsoft Q&A Platform.

    It depends on the type of attribute you have set up in the AD Connect provisioning. AFAIK, the attributes that are synced to the user object in Azure AD will be retained, unless you manually remove the mapping from the user object from on-prem AD.

    Yes, you are correct: skip deletion of user accounts will soft delete the object in Azure AD and will remove the object, including the attributes.

    Please check the attributes that you have configured and it will give you detailed information.


    Please "Accept the answer" if the information helped you. This will help us and others in the community as well.

1 additional answer

  1. Akshay-MSFT 3,956 Reputation points Microsoft Employee

    Hello @Michael Liben ,

    I was able to check on this. As per: if SkipOutOfScopeDeletions is set to 1 (true), accounts that go out of scope will not be disabled in the target.

    So, in this case, user attribute values would be preserved in Azure AD, and the same will be used when the user comes back into scope or is rehired in the system.

    If SkipOutOfScopeDeletions is set to 0, accounts that go out of scope will be disabled in the target immediately and will be removed after 30 days.

    A user is soft deleted in Azure AD (sent to the recycle bin / AccountEnabled property set to false). 30 days after a user is deleted in Azure AD, they will be permanently deleted from the tenant. At this point, the provisioning service will send a DELETE request to permanently delete the user in the application.

    Please "Accept the answer" and rate your experience if the information helped you. This will help us and others in the community as well.