Azure AD Connect: Filtering out local AD users not working
- Jan 10, 2020
Deleted
The regular AD Connect flow is as follows:
- Disable account in AD
- Account gets disabled in AAD, like below:
If it's disabled, the OneDrive will still exist.
Only if you delete the account will the account be deleted in Azure AD.
If the account is deleted in AAD when you disable the account in local AD, there must be some misconfiguration, because that is done by design.
Do you also change the OU of the account?
Thijs Lecomte Well, no. We simply disable the AD account. And with this sync rule I was hoping that the deletion would not be replicated to AAD, removing the account there, since this will trigger the deletion of the user's OneDrive, which is what we want to avoid when we know that the user will return after a couple of months.
- Vikram V, Jan 16, 2020, Brass Contributor: Btw, the deletion of the account starts deleting OneDrive after the retention period is over, which you can also extend up to 10 years.
- Thijs Lecomte, Jan 10, 2020, Bronze Contributor
- VasilMichev, Jan 10, 2020, MVP
Just to confirm what Thijs said - disabling the account in AD should NOT result in deletion of the corresponding Azure AD/Office 365 account. If that happens, you have a custom rule in place and you should edit it accordingly to exclude those users.