Deleting a User from O365 and AD
If you installed Azure AD Connect to sync users from on-premises Active Directory, you will be unable to delete user accounts from the Office portal; you have to delete the user from your on-premises server. But oops, you already deleted the user from your on-premises AD. What should you do?
“Couldn’t delete this user because the account is synchronized with your on-premises servers. You can delete the user from your on-premises server”
If you delete a user or group from your on-prem AD while using Azure AD sync, and it doesn’t get deleted from the online tenant, you can manually delete it this way.
You can install the PowerShell modules using the following commands:
Install-Module -Name AzureRM -AllowClobber
Install-Module MSOnline
Install-Module AzureAD
You can then connect to Office 365 using the following command:
Connect-MsolService
The Set-MsolDirSyncFeature cmdlet sets identity synchronization features for a tenant; to switch directory sync off as a whole, use Set-MsolDirSyncEnabled. We need to disable directory sync for a while:
Set-MsolDirSyncEnabled -EnableDirSync $false
Once this command has run, it takes a minimum of 5 minutes to propagate through Azure AD.
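The procedure above, carried through to the deletion with checks before and after each change. This is an added example, not code from the original post. It assumes the MSOnline module is installed; the `$UserPrincipalName` and `$PollSeconds` parameters are hypothetical names chosen for the example.

```powershell
# Added example: removes one orphaned, formerly synced user after disabling DirSync.
param(
    [Parameter(Mandatory)][string]$UserPrincipalName,  # hypothetical parameter: UPN of the orphaned cloud user
    [int]$PollSeconds = 300                            # hypothetical parameter: 5 minutes, per the text above
)

Import-Module MSOnline
Connect-MsolService

# 1. Confirm the cloud object exists and was really created by directory sync.
$user = Get-MsolUser -UserPrincipalName $UserPrincipalName -ErrorAction Stop
if (-not $user.LastDirSyncTime) {
    Write-Warning "$UserPrincipalName is cloud-only; delete it normally and leave DirSync alone."
    return
}

# 2. Record the tenant state before changing it, for the change log.
$before = Get-MsolCompanyInformation
"{0:u} DirSync enabled={1}, last sync={2}" -f (Get-Date),
    $before.DirectorySynchronizationEnabled, $before.LastDirSyncTime

# 3. Disable directory sync for the whole tenant (this affects every synced object).
Set-MsolDirSyncEnabled -EnableDirSync $false -Force

# 4. Wait until the tenant reports the change instead of guessing at the delay.
do {
    Start-Sleep -Seconds $PollSeconds
    $state = Get-MsolCompanyInformation
    "{0:u} DirSync enabled={1}" -f (Get-Date), $state.DirectorySynchronizationEnabled
} while ($state.DirectorySynchronizationEnabled)

# 5. The object is now cloud-managed and can be deleted.
Remove-MsolUser -UserPrincipalName $UserPrincipalName -Force

# 6. Verify: the user should now appear only among the soft-deleted users.
$deleted = Get-MsolUser -ReturnDeletedUsers -All |
    Where-Object { $_.UserPrincipalName -eq $UserPrincipalName }
if ($deleted) {
    "Deleted: {0} (soft-deleted {1})" -f $deleted.UserPrincipalName, $deleted.SoftDeletionTimestamp
} else {
    Write-Warning "$UserPrincipalName not found among deleted users; check the tenant manually."
}

# Re-enabling sync (Set-MsolDirSyncEnabled -EnableDirSync $true) is left to the
# operator, once the tenant has finished processing the disable.
```

Step 3 is a tenant-wide change, so run this in a maintenance window and keep the logged "before" state with the change record.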
OMG…thank you for this tutorial, you saved me lots of strife today! I wish I never installed Azure AD, it used the domain name for email addresses and would not allow me to remove the affected users making it a nightmare to know which account to fix, plus it imported users that were terminated years ago up until now…that is hundreds of people!
Thank you, thank you, thank you!!!
Be careful using Set-MsolDirSyncEnabled -EnableDirSync $false as this causes AADC to do a full sync of on-prem AD to Azure AD that can take up to 72 hours to complete, rendering AADC unusable.
Until the sync is complete you cannot run the enable command – Set-MsolDirSyncEnabled -EnableDirsync $True.
More dets here –
https://docs.microsoft.com/en-us/powershell/module/msonline/set-msoldirsyncenabled?view=azureadps-1.0
Very helpful info. My latest two incidents were:
1. Premier Plan2 production AAD with 50K objects, took 13 hours to fully disable. Took another 2 hours for a full re-sync after being re-enabled.
2. Test AAD with 200 objects in Plan1, took 20 hours. Cheap plan took longer.
Thanks all.