Forum Discussion

Fish_Tacos
Brass Contributor
Jun 16, 2021

On-Premise AD restructure

We have a long-neglected AD infrastructure and the internal will has finally risen to restructure it into new OUs. Other than keeping AAD Connect pointed at the new OU structure, are there any major concerns I need to worry about? I don't think changing the OU structure affects AAD users, since they are connected via UUID and ProxyAddresses. What other things should I look at?

  • 
    shehanjp
    Iron Contributor

    Fish_Tacos

    If you later uncheck an OU in AAD Connect, then in the next 'initial' sync the users in that OU will be deleted from Azure AD, so make sure the OUs are selected in the scope as always.

    Set up the Azure AD sync account as documented by Microsoft, so it only has the access it needs to perform the sync, password resets (if you are using pass-through authentication or password hash sync), etc.

    Set the AAD delete threshold to a lower number. I think the default is 500 (if that is enabled); this will stop bulk deletions (https://shehanstechblog.com/2021/02/04/aad-deletion-threshold/).

    Try to change the Source Anchor to ms-DS-ConsistencyGuid, as that is unique even if you decide to perform a user migration to a different domain, and will not conflict.

    Hope this helps.
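The checks in the reply above (OU scope, deletion threshold, source anchor) can be run as a pre-flight script on the Azure AD Connect server before any users are moved. This is an added example, not code from the thread, from Microsoft or from the linked blog. It assumes the ADSync module that ships with Azure AD Connect and the RSAT ActiveDirectory module are available locally; the connector name `contoso.com`, the two OU distinguished names, the threshold value of 50 and the global-settings parameter name `Microsoft.SynchronizationOption.AnchorAttribute` are placeholders and assumptions for this example and should be checked against your own tenant.

```powershell
# Added example (not from the original thread): pre-flight checks before an OU restructure.
# Assumptions: ADSync and ActiveDirectory modules are installed on this server; the
# connector name, OU DNs, threshold and settings-parameter name below are placeholders.
Import-Module ADSync
Import-Module ActiveDirectory

$ConnectorName    = 'contoso.com'                       # assumption: on-prem AD connector name
$NewOUs           = @(                                   # assumption: OUs users will be moved into
    'OU=Staff,OU=Corp,DC=contoso,DC=com',
    'OU=Contractors,OU=Corp,DC=contoso,DC=com'
)
$DesiredThreshold = 50                                   # assumption: a limit that fits this tenant

# 1. OU filtering. Anything outside the connector's inclusion list is out of scope, and a user
#    moved out of scope is exported to Azure AD as a deletion on the next initial sync.
$connector = Get-ADSyncConnector -Name $ConnectorName
$included  = @($connector.Partitions.ConnectorPartitionScope.ContainerInclusionList)
$excluded  = @($connector.Partitions.ConnectorPartitionScope.ContainerExclusionList)

function Test-OUInScope {
    param([string]$OU)
    # In scope when the OU or one of its ancestors is included and none of them is excluded.
    $inc = @($included | Where-Object { $OU -eq $_ -or $OU.EndsWith(",$_") })
    $exc = @($excluded | Where-Object { $OU -eq $_ -or $OU.EndsWith(",$_") })
    return ($inc.Count -gt 0 -and $exc.Count -eq 0)
}

foreach ($ou in $NewOUs) {
    if (Test-OUInScope $ou) {
        "IN SCOPE     : $ou"
    } else {
        Write-Warning "NOT IN SCOPE : $ou  (users moved here will be deleted from Azure AD)"
    }
}

# 2. Export deletion threshold. A low value makes a scoping mistake stop the export instead of
#    deleting hundreds of cloud accounts. These two cmdlets change a tenant-side setting and
#    prompt for Azure AD credentials.
$threshold = Get-ADSyncExportDeletionThreshold
"Deletion threshold enabled: $($threshold.DeletionThresholdEnabled), value: $($threshold.DeletionThreshold)"
if (-not $threshold.DeletionThresholdEnabled -or $threshold.DeletionThreshold -gt $DesiredThreshold) {
    Enable-ADSyncExportDeletionThreshold -DeletionThreshold $DesiredThreshold
}

# 3. Source anchor. Confirm the configured anchor attribute and that the attribute is already
#    populated on users in the new OUs (Azure AD Connect copies objectGUID into
#    mS-DS-ConsistencyGuid the first time it syncs an object).
$settings = Get-ADSyncGlobalSettings
$anchor   = ($settings.Parameters |
             Where-Object { $_.Name -eq 'Microsoft.SynchronizationOption.AnchorAttribute' }).Value
"Source anchor attribute: $anchor"

foreach ($ou in $NewOUs) {
    Get-ADUser -SearchBase $ou -Filter * -Properties 'mS-DS-ConsistencyGuid' |
        Where-Object { -not $_.'mS-DS-ConsistencyGuid' } |
        ForEach-Object { Write-Warning "$($_.SamAccountName) has no mS-DS-ConsistencyGuid yet" }
}
```

Run it once before creating the OUs (expect the new OUs to show as in scope, or fix the filtering first), and again after the move but before the first full sync; a user flagged as lacking mS-DS-ConsistencyGuid while the anchor is set to that attribute is one that has never been synced and will be matched by other means, so review those by hand rather than assuming the UUID link the question relies on.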
