How to prevent accidental deletions

When you install either cloud sync or Microsoft Entra Connect, this feature is enabled by default and configured to not allow an export with more than 500 deletes. It is designed to protect you from accidental configuration changes and from changes to your on-premises directory that would affect many users and other objects.

You can change the default behavior and tailor it to your organization's needs.

Configure accidental delete prevention with cloud sync

To use the new feature, follow the steps below.

  1. Sign in to the Microsoft Entra admin center as at least a Hybrid Administrator.
  2. Browse to Identity > Hybrid management > Microsoft Entra Connect > Cloud sync.
  3. Under Configuration, select your configuration.
  4. Select View default properties.
  5. Click the pencil next to Basics.
  6. On the right, fill in the following information.
    • Notification email - email used for notifications
    • Prevent accidental deletions - check this box to enable the feature
    • Accidental deletion threshold - enter the number of objects to stop synchronization and send a notification

For more information, see Accidental delete prevention with cloud sync.

Configure accidental delete prevention with Microsoft Entra Connect

The default value of 500 objects can be changed with PowerShell using Enable-ADSyncExportDeletionThreshold, which is part of the AD Sync module installed with Microsoft Entra Connect. You should configure this value to fit the size of your organization. Since the sync scheduler runs every 30 minutes, the value is the number of deletes seen within 30 minutes.
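One way to size and apply the threshold on the Microsoft Entra Connect server, as an added example that is not Microsoft's own script. The function name, its parameters, the 1% default and the floor of 25 are assumptions made for illustration; only Enable-ADSyncExportDeletionThreshold and its companion Get-ADSyncExportDeletionThreshold come from the AD Sync module.

```powershell
# Added example. Run in an elevated PowerShell session on the Microsoft Entra Connect server.
# The AD Sync cmdlets prompt for Microsoft Entra credentials when they run.
function Set-DeleteThresholdForOrgSize {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        # Number of objects you synchronize. You supply this figure (assumption of the example).
        [Parameter(Mandatory)]
        [ValidateRange(1, [int]::MaxValue)]
        [int]$SyncedObjectCount,

        # Largest share of objects you accept being deleted in one 30-minute
        # sync cycle. Assumed policy value, not a Microsoft recommendation.
        [ValidateRange(0.001, 0.5)]
        [double]$MaxDeleteFraction = 0.01,

        # Lower bound so routine offboarding in a small directory does not
        # halt the export. Assumed value.
        [ValidateRange(1, 500)]
        [int]$Floor = 25
    )

    Import-Module ADSync -ErrorAction Stop

    # The threshold counts deletes seen within one scheduler cycle (30 minutes),
    # so it is sized per cycle, not per day.
    $threshold = [Math]::Max($Floor, [int][Math]::Ceiling($SyncedObjectCount * $MaxDeleteFraction))

    Write-Host 'Current setting:'
    Get-ADSyncExportDeletionThreshold | Format-List | Out-Host

    if ($PSCmdlet.ShouldProcess('export deletion threshold', "Set to $threshold deletes per cycle")) {
        Enable-ADSyncExportDeletionThreshold -DeletionThreshold $threshold
        Write-Host 'New setting:'
        Get-ADSyncExportDeletionThreshold | Format-List | Out-Host
    }
    return $threshold
}

# Preview the value for a directory of 12,000 objects without changing anything:
# Set-DeleteThresholdForOrgSize -SyncedObjectCount 12000 -WhatIf
```

With the assumed defaults, 12,000 synchronized objects yield a threshold of 120 deletes per cycle, well below the default of 500.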

For more information, see Accidental delete prevention with Microsoft Entra Connect.