Monday, November 27, 2023

"Stopped deletion threshold exceeded" Error in Azure AD Connect



This topic describes the "prevent accidental deletes" feature in Microsoft Entra Connect.

In Azure AD Connect, the prevent accidental deletes feature is enabled by default and configured to not allow an export with more than 500 deletes. This feature is designed to protect you from accidental configuration changes and changes to your on-premises directory that would affect many users and other objects.





If someone unknowingly deleted AD objects, you can check which objects are affected by following the steps below:

  1. Start Synchronization Service from the Start Menu.
  2. Go to Connectors.
  3. Select the Connector with type Microsoft Entra ID.
  4. Under Actions to the right, select Search Connector Space.
  5. In the pop-up under Scope, select Disconnected Since and pick a time in the past. Click Search. This page provides a view of all objects about to be deleted. By clicking each item, you can get additional information about the object. You can also click Column Setting to add additional attributes to be visible in the grid.


If all the deletes are desired and you really want to delete the objects, do the following:

  1. To retrieve the current deletion threshold, run the PowerShell cmdlet: Get-ADSyncExportDeletionThreshold. The default value is 500.
  2. To temporarily disable this protection and let those deletes go through, run the PowerShell cmdlet: Disable-ADSyncExportDeletionThreshold.
  3. Run Initial Sync: Start-ADSyncSyncCycle -PolicyType Initial.
  4. To re-enable the protection, run the PowerShell cmdlet: Enable-ADSyncExportDeletionThreshold -DeletionThreshold 500
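
The steps above as one script, added here as an example and not part of the original post: it waits for the sync cycle to finish and re-enables the protection in a `finally` block, so a failed or interrupted sync does not leave the threshold disabled. The parameter names `$Threshold` and `$TimeoutMinutes` and the polling intervals are assumptions; run it elevated on the Entra Connect server.

```powershell
# Added example: wraps the cmdlets from the steps above so the deletion
# threshold is always restored. $Threshold and $TimeoutMinutes are
# illustrative parameters; 500 is the default value stated in the post.
param(
    [uint32]$Threshold = 500,
    [int]$TimeoutMinutes = 120
)

Import-Module ADSync -ErrorAction Stop

# Ask once for the Microsoft Entra account instead of once per cmdlet.
$cred = Get-Credential -Message 'Microsoft Entra account for the threshold cmdlets'

# Show the current setting before changing anything.
Get-ADSyncExportDeletionThreshold -AADCredential $cred | Format-List

try {
    Disable-ADSyncExportDeletionThreshold -AADCredential $cred -ErrorAction Stop | Out-Null
    Start-ADSyncSyncCycle -PolicyType Initial -ErrorAction Stop | Out-Null

    # Start-ADSyncSyncCycle returns before the cycle finishes, so wait for
    # the scheduler to report completion before restoring the protection.
    $deadline = (Get-Date).AddMinutes($TimeoutMinutes)
    Start-Sleep -Seconds 15
    while ((Get-ADSyncScheduler).SyncCycleInProgress) {
        if ((Get-Date) -gt $deadline) {
            throw "Sync cycle still running after $TimeoutMinutes minutes."
        }
        Start-Sleep -Seconds 30
    }
}
finally {
    # Runs on success, on error and on Ctrl+C: never leave the protection off.
    Enable-ADSyncExportDeletionThreshold -DeletionThreshold $Threshold -AADCredential $cred | Out-Null
    Get-ADSyncExportDeletionThreshold -AADCredential $cred | Format-List
}
```

Review the pending deletes in Search Connector Space before running it, since every delete staged for export goes through while the threshold is disabled.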


That is all! 
