Friday, January 15, 2016

Azure AD Connect and Deleting a Large Number of On-Premises Users

So, here's a handy URL to bookmark:

https://azure.microsoft.com/en-us/documentation/articles/active-directory-aadconnectsync-feature-prevent-accidental-deletes/

This is the page that explains how to get Azure AD Connect moving again if it gets stuck due to a large number of on-premises account deletions.

Being in the retail sector, our company hires, and subsequently terminates, a large number of seasonal associates, and this year was no different. This morning, I found several messages in my inbox from the "MSOnlineServicesTeam", stating that...

"the Identity synchronization service detected that the number of deletions exceeded the configured deletion threshold for [company name]. A total of 16402 objects were sent for deletion in this Identity synchronization run. This met or exceeded the configured deletion threshold value of 500 objects.

We need you to provide confirmation that these deletions should be processed before we will proceed."

The accompanying link leads to a site with instructions for disabling the limit for DirSync, but also has the above link for similar instructions for Azure AD Connect users.

First, verify that your pending deletes are not accidental. I checked with our HR department to confirm that they terminated those 16000+ associates yesterday, and then ran the following PowerShell command from the Azure AD Connect server:

Disable-ADSyncExportDeletionThreshold

Next, either wait for the scheduled synchronization task to run, or kick it off manually. Either way, it's going to take much longer than normal to push all those deletes up to Office 365.

Finally, be sure to re-enable the delete threshold, just to be safe.

Enable-ADSyncExportDeletionThreshold
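As an added example (not code from the original post or from Microsoft), here is the same three-step procedure wrapped in a guarded script: it refuses to lift the threshold unless the count from the notification mail matches the figure HR confirmed, runs one sync cycle, waits for it to finish, and uses try/finally so the threshold is re-enabled even if the cycle fails or you hit Ctrl-C. It assumes the ADSync module on the Azure AD Connect server; the cmdlet names and parameters are the documented ADSync ones, while the counts, tolerance and restored threshold are inputs you supply.

```powershell
<#
 Added example, not from the original post. Assumes the ADSync module on the
 Azure AD Connect server. Disable/Enable-ADSyncExportDeletionThreshold prompt
 for Azure AD global administrator credentials when run interactively.
#>
param(
    [Parameter(Mandatory)] [int] $ReportedDeletes,   # count quoted in the MSOnlineServicesTeam mail, e.g. 16402
    [Parameter(Mandatory)] [int] $ConfirmedByHr,     # terminations HR confirmed for the same period
    [int] $Tolerance = 25,                           # allowed difference before we refuse to proceed
    [int] $RestoreThreshold = 500                    # value to put back when finished (the default limit)
)
Import-Module ADSync -ErrorAction Stop

# Gate 1: only lift the threshold when the engine's figure matches what HR expects.
if ([math]::Abs($ReportedDeletes - $ConfirmedByHr) -gt $Tolerance) {
    throw "Pending deletes ($ReportedDeletes) do not match HR's figure ($ConfirmedByHr); investigate before exporting."
}
# Gate 2: do not start a second cycle on top of one that is already running.
if ((Get-ADSyncScheduler).SyncCycleInProgress) {
    throw "A sync cycle is already in progress; wait for it to finish and re-run."
}

Disable-ADSyncExportDeletionThreshold
try {
    # Push the deletes. A delta cycle is sufficient; the deletions are already staged in the connector space.
    $start = Start-ADSyncSyncCycle -PolicyType Delta
    if ($start.Result -ne 'Success') { throw "Could not start sync cycle: $($start.Result)" }

    # Poll the scheduler until the cycle ends; 16k deletes take far longer than a normal run.
    do {
        Start-Sleep -Seconds 60
        $inProgress = (Get-ADSyncScheduler).SyncCycleInProgress
        Write-Host "$(Get-Date -Format u) sync cycle in progress: $inProgress"
    } while ($inProgress)
}
finally {
    # Always restore the guard, whether the cycle succeeded, failed, or was interrupted.
    Enable-ADSyncExportDeletionThreshold -DeletionThreshold $RestoreThreshold
    Write-Host "Export deletion threshold restored to $RestoreThreshold"
}
```

Run it from an elevated PowerShell session on the Connect server, e.g. `.\Push-ConfirmedDeletes.ps1 -ReportedDeletes 16402 -ConfirmedByHr 16402`, and check the Synchronization Service Manager afterwards to confirm the export run completed without errors.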

Thanks to Andreas Kjellman and his team for all the great work they've done on Azure AD Connect.