Object that's deleted from the on-premises Active Directory isn't removed from Windows Azure AD after directory synchronization

Article ID: 2709902 - View products that this article applies to.

Not sure what release of Office 365 you're using? Go to the following Microsoft website:
Am I using Office 365 after the service upgrade?
(http://office.microsoft.com/redir/HA103982331.aspx)
Expand all | Collapse all

PROBLEM

Consider the following scenario:
  • You have an on-premises Active Directory object.
  • Directory synchronization is used to sync the Active Directory object to Windows Azure Active Directory (Windows Azure AD). This creates a linked object in Office 365.
  • You delete the on-premises Active Directory object.
In this scenario, the linked object isn't removed from Windows Azure AD.
Back to the top | Give Feedback

CAUSE

This issue may occur if one of the following conditions is true:
  • Directory synchronization hasn't yet occurred.
  • Directory synchronization unexpectedly failed to delete a specific cloud object and results in an orphaned Windows Azure AD object.
Back to the top | Give Feedback

SOLUTION

To fix this issue, follow these steps:
  1. Manually run a directory synchronization update. For more info about how to do this, go to the following Microsoft website:

    Force directory synchronization
    (http://technet.microsoft.com/en-us/library/jj151771.aspx#BKMK_SynchronizeDirectories)
  2.  Check that directory synchronization occurred correctly. For more info about how to do this, go to the following Microsoft website:

    Verify directory synchronization
    (http://technet.microsoft.com/en-us/library/jj151797.aspx)
  3. If sync is working correctly but the Active Directory object deletion is still not propagated to Windows Azure AD, you can manually remove the orphaned object by using one of the following Windows Azure Active Directory Module for Windows PowerShell cmdlets:
    Remove-MsolContact

Remove-MsolGroup

Remove-MsolUser
    For example, to manually remove orphaned user ID john.smith@contoso.com that was originally created by using directory synchronization, you would run the following cmdlet:

    Remove-MsolUser –UserPrincipalName John.Smith@Contoso.com
Back to the top | Give Feedback

MORE INFORMATION

For more info about Windows PowerShell cmdlets, go to the following Microsoft website:
Windows PowerShell cmdlet descriptions
(http://technet.microsoft.com/en-us/library/jj151835.aspx)
Back to the top | Give Feedback

Still need help? Go to the Office 365 Community
(http://community.office365.com/)
website.
Back to the top | Give Feedback

Properties

Article ID: 2709902 - Last Review: May 15, 2013 - Revision: 8.0
Applies to
  • Microsoft Office 365 for enterprises (pre-upgrade)
  • Microsoft Office 365 for education  (pre-upgrade)
  • Windows Azure Active Directory
Keywords: 
o365 o365a o365e o365062011 pre-upgrade o365022013 after upgrade KB2709902
Back to the top | Give Feedback

Give Feedback

 
Back to the topBack to the top