Sep 16 2020
- last edited on
Jan 14 2022
We have a federated domain in Azure. -> eg. fed.dom.lo.com
AD Connect was set up and it had synchronized all the users in our on-prem domain controller to Azure.
Assume we had 20k users in the specific OU, which was set for the sync. Now, the change that came in would want us to sync only users which have a specific attribute set,
i.e., departmentName = xyz, and not all.
My doubts are as below:
1. What would happen to the existing users in the Azure federated domain? Would there be a clean-up done automatically? E.g., users synced are 20k, but users with the attribute are just 3k.
2. How would we do a clean-up on the Azure domain?
3. Could we delete all the users on the Azure domain and add the inbound sync rule to have the limited users show up again?
Or is there any better way to achieve this?
Sep 16 2020 08:30 AM
If you remove a user from the sync scope, the corresponding object in Azure AD will be deleted along with all its data across O365, so make sure you are certain you want to do this. It doesn't matter if the domain is federated or not.
And you'll probably run into the deletion threshold: https://docs.microsoft.com/en-us/azure/active-directory/hybrid/how-to-connect-sync-feature-prevent-a...
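The two points in the reply (objects that leave the sync scope are deleted in Azure AD, and a large batch of deletions trips the export deletion threshold) can be checked before the filter is changed. The script below is an added example, not code from the thread or from Microsoft; it is meant to run on the AD Connect server with the ActiveDirectory and ADSync modules available. The OU distinguished name, the department value and the 500-object threshold are placeholders and assumptions (500 is the documented default; the cmdlet prints the value actually configured), and it uses the standard `department` attribute where the question says `departmentName`.

```powershell
# Added example (not from the original thread): estimate how many Azure AD users would be
# deleted if the AD Connect sync scope is narrowed to users with a given department value,
# and compare that count with the AD Connect export deletion threshold before doing anything.
Import-Module ActiveDirectory
Import-Module ADSync

$SyncOU            = 'OU=SyncedUsers,DC=dom,DC=lo,DC=com'  # placeholder: the OU currently in scope
$KeepAttribute     = 'department'                          # standard AD attribute; the question calls it departmentName
$KeepValue         = 'xyz'                                 # placeholder value from the question
$DeletionThreshold = 500                                   # assumed default; replace with the value printed below

# Show the threshold AD Connect is actually configured with (enabled/disabled and the number).
Write-Host 'Current export deletion threshold:'
Get-ADSyncExportDeletionThreshold

# Everything in the OU that is synced today, with the filter attribute loaded.
$inScope = @(Get-ADUser -SearchBase $SyncOU -Filter * -Properties $KeepAttribute)

# The subset that would still match an attribute-based scoping filter.
$kept    = @($inScope | Where-Object { $_.$KeepAttribute -eq $KeepValue })
$removed = @($inScope | Where-Object { $_.$KeepAttribute -ne $KeepValue })

Write-Host ("Users in scope now      : {0}" -f $inScope.Count)
Write-Host ("Users kept by new filter: {0}" -f $kept.Count)
Write-Host ("Users that would be deleted in Azure AD: {0}" -f $removed.Count)

# Keep a record of who would disappear; this is the list to review with the business
# owners, because the Azure AD objects and their Microsoft 365 data go with them.
$removed |
    Select-Object SamAccountName, UserPrincipalName, DistinguishedName, $KeepAttribute |
    Export-Csv -Path '.\users-leaving-sync-scope.csv' -NoTypeInformation

if ($removed.Count -gt $DeletionThreshold) {
    Write-Warning ("{0} deletions exceed the export deletion threshold of {1}; " +
                   "the export will stop until the threshold is raised or disabled " +
                   "(Enable-ADSyncExportDeletionThreshold / Disable-ADSyncExportDeletionThreshold)." `
                   -f $removed.Count, $DeletionThreshold)
}

# Pause the scheduler while the scoping filter is being edited so a delta sync cannot
# export the deletions before the impact list above has been reviewed.
Set-ADSyncScheduler -SyncCycleEnabled $false
Write-Host 'Sync scheduler disabled; re-enable with Set-ADSyncScheduler -SyncCycleEnabled $true after the change is approved.'
```

The CSV of users leaving scope is the artefact to keep: deleted Azure AD users stay in the recycle bin for 30 days and can be restored from there, but any deletion beyond that window, or any data in the associated Microsoft 365 services, is what the reply is warning about. Raising the deletion threshold temporarily for the planned cut-over is preferable to disabling it, so that an unrelated bulk deletion later (an OU renamed, a filter typo) is still stopped.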