How to remove users (objects) that were synchronized through the Azure Active Directory Connect tool

Have you tried to delete users from Azure Active Directory or Office 365 but failed? The error says the user couldn’t be deleted because the account is synchronized with your on-premises server, and that you can delete the user from your on-premises server. If your Azure AD Connect server is still alive, that’s easy to solve: delete the user from the on-premises domain controller and the user is removed automatically. If the on-premises Azure AD Connect server is no longer available, you can’t manage or delete the user (object) from the on-premises environment; follow the steps below to delete it.

1. Open PowerShell as administrator and run the cmdlet below to install the Windows Azure Active Directory module.



Install-Module -Name MSOnline


2. Click A to allow the installation.

3. Type the following cmdlet to connect to Azure Active Directory.



Connect-MsolService


4. Type the Office 365 global admin email, click Next.

5. Type the global admin account password, click Sign in.

6. Run the cmdlet below to disable directory synchronization, click Y to confirm.



Set-MsolDirSyncEnabled -EnableDirSync $false


7. Run the cmdlet below to verify that directory synchronization was fully disabled.



(Get-MSOLCompanyInformation).DirectorySynchronizationEnabled


8. Log in to the Microsoft Office 365 admin center, select Active users.

9. On the Active users page, select the user and click Delete user.

10. On the Delete this user? page, click Delete User.

11. Verify the user has been deleted successfully, click Close.

12. If you cannot remove it from the Microsoft 365 admin center (in my case, I cannot remove the Directory synchronization account), open PowerShell as administrator, run the cmdlet below, and click Y to confirm.

In my case.



Remove-MsolUser -UserPrincipalName Sync_GDMDC01_1dafc196bf6e@gooddealmart.onmicrosoft.com
	

13. Refresh the Microsoft 365 admin center and verify the account has been deleted successfully.

These steps also work when the Azure AD Connect server is still live but behaves unexpectedly: you deleted the user (object) from the on-premises AD DS, but the user (object) wasn’t deleted from Azure AD or Office 365.

You just need to run the cmdlet below to re-enable Active Directory synchronization after removing the user (object).



Set-MsolDirSyncEnabled -EnableDirSync $true
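
Steps 7 and 12 combined into one guarded function, so the removal refuses to run while directory synchronization is still enabled and returns a record of what was deleted. This is an added example, not code from the original post; the function name, the -Apply switch and the UPN in the usage lines are hypothetical, and it assumes Connect-MsolService (step 3) has already been run in the session.

```powershell
# Added example (not from the original post).
# Assumes the MSOnline module is installed and Connect-MsolService has been run.
function Remove-OrphanedSyncedUser {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)] [string] $UserPrincipalName,
        [switch] $Apply   # hypothetical switch: without it the function only reports
    )

    # Step 7 as a hard gate: stop if the tenant still reports DirSync as enabled.
    $company = Get-MsolCompanyInformation
    if ($company.DirectorySynchronizationEnabled) {
        throw "Directory synchronization is still enabled. Run step 6 and wait until step 7 returns False."
    }

    # Fail loudly if the UPN is mistyped instead of silently doing nothing.
    $user = Get-MsolUser -UserPrincipalName $UserPrincipalName -ErrorAction Stop

    # Keep the identifiers for the change record before the object is gone.
    $record = [pscustomobject]@{
        UserPrincipalName = $user.UserPrincipalName
        ObjectId          = $user.ObjectId
        ImmutableId       = $user.ImmutableId      # on-premises anchor of the synced object
        LastDirSyncTime   = $user.LastDirSyncTime  # last time the object was synchronized
        CheckedAtUtc      = (Get-Date).ToUniversalTime()
        Removed           = $false
    }

    if ($Apply) {
        # Delete by ObjectId so the exact object inspected above is the one removed.
        # Without -RemoveFromRecycleBin this is a soft delete and can still be restored.
        Remove-MsolUser -ObjectId $user.ObjectId -Force
        $record.Removed = $true
    }

    $record
}

# Usage: report first, then remove. The UPN is a placeholder, not a real account.
Remove-OrphanedSyncedUser -UserPrincipalName 'stale.account@example.onmicrosoft.com'
Remove-OrphanedSyncedUser -UserPrincipalName 'stale.account@example.onmicrosoft.com' -Apply |
    Export-Csv -Path .\removed-synced-users.csv -Append -NoTypeInformation
```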


Hope you enjoy this post.

Cary Sun

Twitter: @SifuSun

Web Site: carysun.com

Blog Site: checkyourlogs.net

Blog Site: gooddealmart.com
