
How to stop disabled user accounts from syncing with Azure AD Connect

Chris Spanougakis
Occasional Contributor

Hello again,

I was experimenting these days using Azure AD Connect, the tool that lets you synchronize your on-premises AD accounts to Azure AD. So I thought: what happens when you have some disabled user accounts in your on-premises AD environment? Do you really need them to synchronize?

Probably not.

So we'll see what you have to do in case you don't want to bring up to Azure AD your disabled user accounts.

Please read the rest of the article here: https://spanougakis.wordpress.com/2016/02/28/how-to-stop-disabled-user-accounts-from-syncing-with-azure-ad-connect/

3 Replies

That one is easy though, I'd love to see more tricky examples published on docs.com or your blog. For example locked out accounts, or expired ones, or similar :)

Regarding the expired or locked out accounts, it's already there, if you go through the article:

"Select useraccountcontrol for the Attribute and then select the ISBITSET operator with a value of 2 (If you want to know what is really this value, take a look here: https://support.microsoft.com/en-us/kb/305144)".
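
As an added example (not from the article or from anyone in this thread), this PowerShell evaluates the quoted ISBITSET test against constructed sample accounts and, for comparison, reads account expiry and lockout from the separate `accountExpires` and `lockoutTime` attributes. `Test-BitSet` and `Get-FilterPreview` are hypothetical helper names, and the code assumes the value 2 is the ACCOUNTDISABLE mask (0x0002) listed in KB 305144.

```powershell
# Constructed sample accounts standing in for directory data (not real users).
$now   = [datetime]::UtcNow
$never = [long]::MaxValue   # accountExpires: this value (or 0) means "never expires"
$accounts = @(
    [pscustomobject]@{ Name = 'alice'; userAccountControl = 512;   accountExpires = $never; lockoutTime = 0 }
    [pscustomobject]@{ Name = 'bob';   userAccountControl = 514;   accountExpires = $never; lockoutTime = 0 }
    [pscustomobject]@{ Name = 'carol'; userAccountControl = 66050; accountExpires = 0;      lockoutTime = 0 }
    [pscustomobject]@{ Name = 'dave';  userAccountControl = 512
                       accountExpires = $now.AddDays(-30).ToFileTimeUtc(); lockoutTime = 0 }
    [pscustomobject]@{ Name = 'erin';  userAccountControl = 512;   accountExpires = $never
                       lockoutTime = $now.AddMinutes(-5).ToFileTimeUtc() }
)

# Assumption: ISBITSET with value 2 behaves as a mask test for 0x0002 (ACCOUNTDISABLE).
$AccountDisable = 0x2

# Hypothetical helper: true when every bit of $Mask is set in $Value.
function Test-BitSet {
    param([long]$Value, [long]$Mask)
    ($Value -band $Mask) -eq $Mask
}

# Hypothetical helper: reports, per account, whether the bit-2 test matches and
# what the separate expiry and lockout attributes say as of $AsOf.
function Get-FilterPreview {
    param([object[]]$Accounts, [datetime]$AsOf)
    $asOfFileTime = $AsOf.ToFileTimeUtc()
    foreach ($a in $Accounts) {
        $expires = [long]$a.accountExpires
        [pscustomobject]@{
            Name            = $a.Name
            # The test described in the quoted step: userAccountControl ISBITSET 2
            MatchesIsBitSet = (Test-BitSet -Value $a.userAccountControl -Mask $AccountDisable)
            # Expiry is a FILETIME in accountExpires, not a userAccountControl bit
            Expired         = ($expires -ne 0 -and $expires -ne [long]::MaxValue -and
                               $expires -lt $asOfFileTime)
            # A nonzero lockoutTime records a lockout; whether the account is still
            # locked depends on the domain's lockout duration
            LockoutRecorded = ([long]$a.lockoutTime -gt 0)
        }
    }
}

Get-FilterPreview -Accounts $accounts -AsOf $now | Format-Table -AutoSize
```

With this sample data only bob (514) and carol (66050) match the bit test; dave's past expiry date and erin's recorded lockout leave bit 2 clear.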


Thanks for posting this. I just installed the latest version of Azure AD Connect on Windows Server 2016 and it worked instantly. We have automated automatically disabling our accounts after a certain period of time, so now only active accounts appear in Azure AD, making things easier to manage.
