Azure AD sync with on-premises AD

Shawn G 1 Reputation point
2020-02-15T17:39:00.627+00:00

So here's the scenario I'm having. I installed the Azure AD Connect tool on my on-prem DC. Everything worked great except one item. I just did the default express install, and of course that included the whole OU of the company, which in turn imported every user on that domain. I then followed these steps to correct my issue: customized it and selected only the OUs we want to sync to Azure AD from our on-prem domain.

https://aidanfinn.com/?p=21171

I have forced replication in the Azure AD sync tool via PowerShell, waited for almost 4 hours, and users are still in Azure AD that aren't in the OUs we selected. How do I go about getting those users out of Azure AD that aren't in the OUs we only want synced from on-prem AD? Thanks as always for any help.


2 answers

  1. Christoffel Suttorp 1 Reputation point
    2020-02-15T22:27:18.537+00:00

    Have you forced a full or delta sync from on-prem to AAD after your custom configuration of AAD Connect?
    After a full sync you could remove the AAD object with the PowerShell cmdlets mentioned in your link, I think.


  2. Shawn G 1 Reputation point
    2020-02-16T01:20:07.08+00:00

    This is now resolved.
    Csuttorp, you def had one part which helped, right: the full sync.

    So here's what I had to do, from this article:
    https://www.reddit.com/r/Office365/comments/b9ousl/removed_a_ou_from_ad_sync_how_long_till_the_users/

    Steps:
    Since I had over 500 objects, I had to disable this threshold: Disable-ADSyncExportDeletionThreshold

    Then ran a full sync:
    Start-AdSyncSyncCycle -PolicyType Initial

    And everything synced up correctly.

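The steps in the accepted answer, written out as an added PowerShell script (not from the thread or from Microsoft) that runs on the Azure AD Connect server. It assumes the ADSync module is installed there and that the prompted credential is an account permitted to change the deletion threshold; the cmdlet names are the ones the answer uses plus their documented Get-/Enable- counterparts. The threshold exists to stop a mis-scoped OU filter from mass-deleting cloud objects, so the script records it and turns it back on once the initial cycle has finished.

```powershell
# Added example: scoped-OU cleanup after changing Azure AD Connect filtering.
# Run in an elevated PowerShell session on the Azure AD Connect server.
Import-Module ADSync -ErrorAction Stop

# Record the current export deletion threshold so it can be restored afterwards.
$threshold = Get-ADSyncExportDeletionThreshold
Write-Host "Deletion threshold before: enabled=$($threshold.DeletionThresholdEnabled) value=$($threshold.DeletionThresholdValue)"

# Credential prompt: use an account allowed to manage the threshold (assumption: the
# cmdlet prompts for / accepts an Azure AD admin credential via -AADCredential).
$aadCred = Get-Credential -Message "Azure AD administrator for threshold change"

try {
    # Step 1 from the answer: lift the threshold, otherwise an export that would delete
    # more than the configured number of objects (default 500) is blocked.
    Disable-ADSyncExportDeletionThreshold -AADCredential $aadCred

    # Step 2 from the answer: a full (initial) cycle re-evaluates OU filtering and stages
    # deletions for objects that are no longer in scope; a delta cycle does not.
    Start-ADSyncSyncCycle -PolicyType Initial

    # Wait for the scheduler to report that the cycle has finished.
    do {
        Start-Sleep -Seconds 30
        $inProgress = (Get-ADSyncScheduler).SyncCycleInProgress
        Write-Host "Sync cycle in progress: $inProgress"
    } while ($inProgress)
}
finally {
    # Restore the guardrail whether or not the sync succeeded; a permanently disabled
    # threshold means a future filtering mistake can delete every synced object at once.
    Enable-ADSyncExportDeletionThreshold -DeletionThreshold $threshold.DeletionThresholdValue -AADCredential $aadCred
    $after = Get-ADSyncExportDeletionThreshold
    Write-Host "Deletion threshold after: enabled=$($after.DeletionThresholdEnabled) value=$($after.DeletionThresholdValue)"
}
```

Deleted objects land in the Azure AD recycle bin for 30 days, so a user removed by an over-broad filter change can be restored from there rather than re-created.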