Note
Access to this page requires authorization. You can try signing in or changing directories.
Access to this page requires authorization. You can try changing directories.
Original product version: Cloud Services (Web roles/Worker roles), Microsoft Entra ID, Microsoft Intune, Azure Backup, Office 365 Identity Management
Original KB number: 2709902
Symptoms
Consider the following scenario:
- You have an on-premises Active Directory object.
- Directory synchronization is used to sync the Active Directory object to Microsoft Entra ID. It creates a linked object.
- You delete the on-premises Active Directory object.
In this scenario, the linked object isn't removed from Microsoft Entra ID.
Cause
This issue may occur if one of the following conditions is true:
- Directory synchronization hasn't yet occurred.
- Directory synchronization unexpectedly failed to delete a specific cloud object and results in an orphaned Microsoft Entra object.
Resolution
To fix this issue, follow these steps:
Make sure that the Microsoft Graph PowerShell module and ADSyncTools PowerShell module are installed.
Run the following ADSync command to force directory synchronization:
Start-ADSyncSyncCycle -PolicyType InitialIf sync is working correctly but the Active Directory object deletion is still not propagated to Microsoft Entra ID, manually remove the orphaned object. To do so, use one of the following Microsoft Graph PowerShell cmdlets:
For example, to manually remove orphaned user ID
john.smith@contoso.comthat was originally created by using directory synchronization, you would run the following cmdlet:$user = Get-MgUser -Filter "userPrincipalName eq 'john.smith@contoso.com'" Remove-MgUser -UserId $user.id
Contact us for help
If you have questions or need help, create a support request, or ask Azure community support. You can also submit product feedback to Azure feedback community.