Issue when deleting more than 500 objects with AAD Connect


By default, Azure AD Connect has a limit of 500 objects that can be deleted in a single shot in your Active Directory without triggering a confirmation. In my customer’s case, he deleted 1268 accounts and started receiving alerts from the Microsoft Online Services Team. In this article we go over the issue and the steps to solve it. Before starting the fix, make sure that you have the synchronization account handy, because it is required to complete this tutorial.

Note: the credentials will be requested every single time that a cmdlet is executed.

Solution


After deleting the objects, the message received on the alert was similar to this one below.

To confirm the situation, open miisclient.exe. On the Connector related to Azure Active Directory (it has the suffix – AAD), the status shown is stopped-deletion-threshold-exceeded.


While logged on to the server that has AAD Connect installed, run the following cmdlet to list the current threshold count (500 by default).

Get-ADSyncExportDeletionThreshold

To disable the feature, use the following cmdlet. You will be prompted for the credentials of the Azure AD Sync account, or of an account with a similar role, to authenticate.

Disable-ADSyncExportDeletionThreshold


After disabling the feature, we can always check the status by running the same Get-ADSyncExportDeletionThreshold cmdlet again.


Now that the feature is disabled, go to the Azure AD Connector, right-click on it and, in the new window, click on Export.


The process may take a while. You can check the progress by watching the Deletes value increase in the Export Statistics.


After completion, we can re-enable the feature by running the cmdlet below (in our case we set the threshold to 666).

Enable-ADSyncExportDeletionThreshold -DeletionThreshold 666
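The disable, export and re-enable steps above can be wrapped so that the deletion threshold is always restored, even when the export fails. This is an added example, not part of the original article; it assumes a single connector whose name ends in " - AAD", a run profile named Export, and it passes one credential through the cmdlets' -AADCredential parameter instead of answering a prompt per cmdlet.

```powershell
#Requires -RunAsAdministrator
# Added example (not from the original article): run the export with the
# deletion threshold disabled, then restore the threshold no matter what happens.
[CmdletBinding(SupportsShouldProcess, ConfirmImpact = 'High')]
param(
    # Value to restore afterwards; 500 is the default stated in the article.
    [ValidateRange(1, 1000000)]
    [uint32]$RestoreThreshold = 500
)

Import-Module ADSync -ErrorAction Stop

# Prompt once and reuse the credential for every ADSync threshold cmdlet.
$cred = Get-Credential -Message 'Azure AD synchronization account'

# The article identifies the Azure AD connector by its " - AAD" name suffix.
$aad = @(Get-ADSyncConnector | Where-Object { $_.Name -like '* - AAD' })
if ($aad.Count -ne 1) {
    throw "Expected exactly one '* - AAD' connector, found $($aad.Count)."
}
$name = $aad[0].Name

Write-Host 'Threshold before the change:'
Get-ADSyncExportDeletionThreshold -AADCredential $cred | Format-List

# Stop here unless the operator explicitly confirms the mass-delete export.
if (-not $PSCmdlet.ShouldProcess($name, 'Export pending deletions with the threshold disabled')) {
    return
}

$disabled = $false
try {
    Disable-ADSyncExportDeletionThreshold -AADCredential $cred -ErrorAction Stop | Out-Null
    $disabled = $true
    # Same action as choosing the Export run profile in the Synchronization Service UI.
    Invoke-ADSyncRunProfile -ConnectorName $name -RunProfileName 'Export' -ErrorAction Stop
}
finally {
    # Only restore if the safeguard was actually switched off above.
    if ($disabled) {
        Enable-ADSyncExportDeletionThreshold -DeletionThreshold $RestoreThreshold -AADCredential $cred | Out-Null
        Write-Host 'Threshold after the change:'
        Get-ADSyncExportDeletionThreshold -AADCredential $cred | Format-List
    }
}
```

Review the pending deletions on the Azure AD connector before confirming, since the threshold exists to stop an unintended mass deletion from reaching Azure AD.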


Written by Anderson Patricio
