Forum Discussion
On-Premise AD restructure
If you later uncheck an OU from the AAD, in the next 'initial' sync, the users in that OU will be deleted from Azure AD, so make sure the OUs are selected in the scope as always.
Set the AzureAD sync account as mentioned by Microsoft. So it will have only the appropriate access to perform the sync/ password resets (if you are using passthrough or pw hash sync) and etc.
Set the AAD Delete threshold to a lower number. I think the default is 500 (if that is enabled) this will stop bulk deletions (https://shehanstechblog.com/2021/02/04/aad-deletion-threshold/)
Try to change the Source Anchor to msdsconsistencyguid as that is unique even if you decide to perform a user migration to a different domain and will not conflict.
Hope this helps.
If you later uncheck an OU from the AAD, in the next 'initial' sync, the users in that OU will be deleted from Azure AD, so make sure the OUs are selected in the scope as always.
Set the AzureAD sync account as mentioned by Microsoft. So it will have only the appropriate access to perform the sync/ password resets (if you are using passthrough or pw hash sync) and etc.
Set the AAD Delete threshold to a lower number. I think the default is 500 (if that is enabled) this will stop bulk deletions (https://shehanstechblog.com/2021/02/04/aad-deletion-threshold/)
Try to change the Source Anchor to msdsconsistencyguid as that is unique even if you decide to perform a user migration to a different domain and will not conflict.
Hope this helps.
