Object deletions aren't synchronized to Microsoft Entra ID when using Azure AD Connect
Original product version: Cloud Services (Web roles/Worker roles), Microsoft Entra ID, Microsoft Intune, Azure Backup, Office 365 Identity Management
Original KB number: 2709902
Symptoms
Consider the following scenario:
- You have an on-premises Active Directory object (a user, group, or contact).
- Directory synchronization syncs the Active Directory object to Microsoft Entra ID. This creates a linked object in Microsoft Entra ID.
- You delete the on-premises Active Directory object.
In this scenario, the linked object isn't removed from Microsoft Entra ID. It stays in whatever state it was last synchronized, so a user that was deleted on-premises as part of offboarding keeps its licenses and group memberships and may still be able to sign in to cloud services.
Cause
This issue may occur if one of the following conditions is true:
- A directory synchronization cycle hasn't run since the on-premises object was deleted.
- Directory synchronization ran but unexpectedly failed to delete the corresponding cloud object, which leaves an orphaned Microsoft Entra object.
Resolution
To fix this issue, follow these steps:
1. On the Microsoft Entra Connect server, make sure the ADSync PowerShell module is available. It is installed together with Microsoft Entra Connect and contains the Start-ADSyncSyncCycle cmdlet. For additional troubleshooting cmdlets, see Microsoft Entra Connect: ADSyncTools PowerShell Reference.
2. Run the following ADSync cmdlet to force a full directory synchronization cycle:
Start-ADSyncSyncCycle -PolicyType Initial
3. If synchronization completes successfully but the Active Directory object deletion still isn't propagated to Microsoft Entra ID, manually remove the orphaned object. Before you do, confirm that the on-premises object really is gone; if it still exists, the next synchronization cycle recreates the cloud object. To remove the orphaned object, use one of the following cmdlets in the Azure Active Directory module for Windows PowerShell (MSOnline):
Remove-MsolContact
Remove-MsolGroup
Remove-MsolUser
Note
The Azure AD and MSOnline PowerShell modules are deprecated as of March 30, 2024. To learn more, read the deprecation update. After this date, support for these modules is limited to migration assistance to the Microsoft Graph PowerShell SDK and security fixes. The deprecated modules will continue to function through March 30, 2025.
We recommend migrating to Microsoft Graph PowerShell to interact with Microsoft Entra ID (formerly Azure AD). For common migration questions, refer to the Migration FAQ. Note: Versions 1.0.x of MSOnline may experience disruption after June 30, 2024.
For example, to manually remove the orphaned user john.smith@contoso.com that was originally created by using directory synchronization, you would run the following cmdlet:
Remove-MsolUser -UserPrincipalName John.Smith@Contoso.com
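The complete procedure above, from forcing a synchronization cycle on the Microsoft Entra Connect server to removing the orphan with Microsoft Graph PowerShell instead of the deprecated MSOnline module, as an added example. This is not code from the original article or from Microsoft. It assumes the ADSync module on the Connect server, the Microsoft Graph PowerShell SDK with an administrator who can consent to User.ReadWrite.All and Directory.ReadWrite.All, optionally the RSAT ActiveDirectory module for the on-premises check, and the article's sample UPN john.smith@contoso.com. The two function names are mine.

```powershell
<#
  Added example; this is not code from the original KB article or from Microsoft.
  Assumptions (mine, not the article's):
    - Invoke-EntraConnectDeltaSync runs on the Microsoft Entra Connect server, where the
      ADSync module is installed with the product.
    - Remove-OrphanedSyncedUser runs where the Microsoft Graph PowerShell SDK is installed,
      as an administrator who can consent to User.ReadWrite.All and Directory.ReadWrite.All.
    - The optional on-premises check needs the RSAT ActiveDirectory module and domain access;
      it is skipped when that module is absent.
    - john.smith@contoso.com is the article's sample UPN.
#>

function Invoke-EntraConnectDeltaSync {
    Import-Module ADSync

    $scheduler = Get-ADSyncScheduler
    if (-not $scheduler.SyncCycleEnabled) {
        Write-Warning 'The sync scheduler is disabled; no deletion reaches Microsoft Entra ID until it is re-enabled with Set-ADSyncScheduler -SyncCycleEnabled $true.'
    }
    if ($scheduler.SyncCycleInProgress) {
        Write-Warning 'A sync cycle is already running; wait for it to finish before starting another.'
        return
    }

    # Microsoft Entra Connect stops the export when more deletions are staged than the export
    # deletion threshold allows (the connector reports stopped-deletion-threshold-exceeded).
    # In that state no deletion, including the one you are waiting for, leaves the server.
    Get-ADSyncExportDeletionThreshold | Format-List

    # A delta cycle is enough to push a single pending deletion. -PolicyType Initial, which the
    # article uses, re-imports and re-evaluates every object and is much slower on a large forest.
    Start-ADSyncSyncCycle -PolicyType Delta
}

function Remove-OrphanedSyncedUser {
    param(
        [Parameter(Mandatory)] [string] $UserPrincipalName,
        # Also purge the soft-deleted object so it cannot be restored during the 30-day window.
        [switch] $Purge
    )

    Import-Module Microsoft.Graph.Users
    Import-Module Microsoft.Graph.Identity.DirectoryManagement
    Connect-MgGraph -Scopes 'User.ReadWrite.All', 'Directory.ReadWrite.All' | Out-Null

    $user = Get-MgUser -UserId $UserPrincipalName -ErrorAction SilentlyContinue `
        -Property Id,UserPrincipalName,AccountEnabled,OnPremisesSyncEnabled,OnPremisesImmutableId,OnPremisesLastSyncDateTime
    if (-not $user) {
        Write-Host "$UserPrincipalName is not in Microsoft Entra ID; nothing to remove."
        return
    }

    # Only objects that directory synchronization created have OnPremisesSyncEnabled set.
    # Refuse to delete a cloud-only account that merely shares the name.
    if (-not $user.OnPremisesSyncEnabled) {
        throw "$UserPrincipalName is cloud-only (OnPremisesSyncEnabled is false); this procedure is for orphaned synced objects."
    }

    # OnPremisesImmutableId is the base64 form of the on-premises objectGUID. If that object
    # still exists, deleting the cloud copy is pointless: the next export recreates it.
    if (Get-Module -ListAvailable -Name ActiveDirectory) {
        Import-Module ActiveDirectory
        $guid = [guid][Convert]::FromBase64String($user.OnPremisesImmutableId)
        $onPrem = Get-ADObject -Filter "ObjectGUID -eq '$guid'" -ErrorAction SilentlyContinue
        if ($onPrem) {
            throw "On-premises object '$($onPrem.DistinguishedName)' still exists; delete it in Active Directory first."
        }
    }

    Write-Host "Removing orphaned synced user $($user.UserPrincipalName) (AccountEnabled=$($user.AccountEnabled), last synced $($user.OnPremisesLastSyncDateTime))"
    Remove-MgUser -UserId $user.Id

    # Remove-MgUser only soft-deletes: for 30 days the object can be restored with
    # Restore-MgDirectoryDeletedItem, and it keeps its ImmutableId, licenses and memberships
    # until then. Purge when the offboarding has to be final.
    if ($Purge) {
        Remove-MgDirectoryDeletedItem -DirectoryObjectId $user.Id
    }
}

# Usage:
#   On the Microsoft Entra Connect server:  Invoke-EntraConnectDeltaSync
#   Then, with Microsoft Graph PowerShell:  Remove-OrphanedSyncedUser -UserPrincipalName 'john.smith@contoso.com' -Purge
```

The two functions run on different hosts, which is why the example is split that way: the first half needs the ADSync module that only exists on the Connect server, the second half only needs Graph access. For orphaned groups and contacts the Graph equivalents of Remove-MsolGroup and Remove-MsolContact are Remove-MgGroup -GroupId and Remove-MgContact -OrgContactId; the same OnPremisesSyncEnabled check applies before deleting either.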
Contact us for help
If you have questions or need help, create a support request, or ask Azure community support. You can also submit product feedback to Azure feedback community.