This blog post covers a mix of old and new features of the Azure AD Connect Sync and Azure AD Cloud Sync tools. The AAD Connect Sync feature was already there, and what's new is the Sync client's feature for preventing accidental deletion.
There can be many reasons for this kind of mishap to happen:
- Intentional or accidental deletions
- Changing Azure AD Sync scopes and unchecking OUs that are already syncing
- An OU is renamed, so all objects in it are considered out of scope for synchronization
What will I be covering? 👇🏽
- How to Configure Azure AD Connect Sync
- How to Configure Azure AD Cloud Sync
- Wrapping Up
How to Configure Azure AD Connect Sync
The default value at which the operation is halted is 500, but this can be changed to a lower number to reduce the risk.
Command to check the current threshold
Run the command below after logging in to the Azure AD Connect server
Change the threshold as required
enable-ADSyncExportDeletionThreshold -DeletionThreshold 10
What will happen?
- This will basically stop the export of the deletion change to Azure AD, which would remove the users from the directory. Admins can safely reinstate the local AD accounts/OU scopes and reverse the situation
- Synchronization Service Manager (MIIS.exe) will throw the stopped-deletion-threshold-exceeded status
- This will also send an alert email to the administrator mentioning the issue
Check which objects are about to be deleted
- Start Synchronization Service > Connectors > Azure Active Directory
- Under Actions on the right, select Search Connector Space.
- In the pop-up under Scope, select Disconnected Since and pick a time in the past. Click Search. This page provides a view of all objects about to be deleted. By clicking each item, you can get additional information about the object. You can also click Column Setting to add additional attributes to be visible in the grid.
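The threshold only halts an export when the number of pending deletions exceeds it, so an OU that holds fewer objects than the threshold can fall out of scope without tripping the guard. The following added example (not part of the original post) compares the object count under an OU with the current threshold before a rename or scope change; the function name and the OU distinguished name are placeholders, and it assumes the RSAT ActiveDirectory module is installed on the Azure AD Connect server.

```powershell
# Added example. Run in an elevated session on the Azure AD Connect server.
# Assumes the ADSync module (ships with Azure AD Connect) and the RSAT
# ActiveDirectory module are available. The OU DN used below is a placeholder.
Import-Module ADSync
Import-Module ActiveDirectory

function Test-OuChangeAgainstDeletionThreshold {
    param(
        [Parameter(Mandatory)] [string] $OrganizationalUnitDN
    )

    # Prompts for Azure AD credentials; returns DeletionPrevention and ThresholdCount.
    $guard = Get-ADSyncExportDeletionThreshold

    # Upper bound on pending deletes: every user, group and contact under the OU.
    # Objects already excluded from sync by other filtering rules are over-counted.
    $atRisk = @(Get-ADObject -SearchBase $OrganizationalUnitDN -SearchScope Subtree `
        -LDAPFilter '(|(objectClass=user)(objectClass=group)(objectClass=contact))').Count

    [pscustomobject]@{
        OrganizationalUnit = $OrganizationalUnitDN
        ObjectsAtRisk      = $atRisk
        DeletionPrevention = $guard.DeletionPrevention   # confirm the guard is enabled
        ThresholdCount     = $guard.ThresholdCount
        # The export is halted only when deletes exceed the threshold.
        ExportWouldHalt    = $atRisk -gt $guard.ThresholdCount
    }
}

$result = Test-OuChangeAgainstDeletionThreshold -OrganizationalUnitDN 'OU=Sales,DC=example,DC=com'
$result | Format-List

if (-not $result.ExportWouldHalt) {
    Write-Warning ("Losing this OU would export {0} deletions without tripping the threshold of {1}." -f `
        $result.ObjectsAtRisk, $result.ThresholdCount)
    # To tighten the guard before the change, set a value below ObjectsAtRisk, e.g.:
    # Enable-ADSyncExportDeletionThreshold -DeletionThreshold 10
}
```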
How to Configure Azure AD Cloud Sync
As of September 2022, this is the latest announcement from Microsoft, as they have now enabled the same feature in the Azure AD Cloud Sync tool as well.
This needs to be managed through the Azure AD portal itself. If you already have the Cloud Sync tool installed and running,
- Go to the Entra Portal (https://entra.microsoft.com)
- Azure Active Directory > Hybrid Management > Azure AD Connect > Manage Azure AD cloud sync
- Click on the domain under Configuration
Check the section under Settings. Provide the same details: the notification email address, the prevent check mark, and the threshold. By default, it's 500, but as you can see below I've set it to only a few.
When the sync runs, it will identify the deletion and mark the status as Delete threshold exceeded. You can click the three dots next to the status and select View provisioning logs. If you are sure about the deletion, you can select the Allow deletions option.
Provisioning Logs will give you all the details related to the sync; filter the Actions by StagedDelete
If you do not want to allow the deletions, you need to do the following:
- investigate the source of the deletions
- fix the issue (for example, an OU was moved out of scope by mistake and you have now re-added it to the scope)
- Run Restart sync on the agent configuration
While it's safer to have a smaller number for the threshold, it's always recommended to enable the AD Recycle Bin, so that in case of user deletion the accounts can be reinstated without much of a hassle.