Technology | May 16, 2016

Azure AD Sync Delete Safeguards

Marlin Todd

Accidental deletions can be very bad for your Office 365 environment, especially if those deletions are synchronized to your Azure Active Directory.

One indicator for accidental deletions is a high number of staged deletions.

To minimize the impact of accidental deletions, the AAD Sync tool lets you set a threshold for staged deletions. If the number of staged deletions exceeds your configured threshold, the Directory Sync tool treats them as accidental or unwanted. In that case, none of the staged deletions in that processing cycle are synchronized to Azure Active Directory. This blog post will explain how to manage this feature.

I had to add a filter rule for one of our clients to filter out about 3,500 accounts. When it came time to export these deletes to Azure AD, the Sync Client reported stopped-server-down and after trying again it reported stopped-extension-dll-exception.

Then I decided to give the Event Log a look and saw Event ID Error 107:

After doing some research, I discovered you’ll get an error if you are changing the sync rules or filtering anything that causes more than 500 object deletes. This is a safeguard to keep sys admins from inadvertently deleting objects in Azure AD. Microsoft is trying to save us from ourselves!

The workaround involves using these PowerShell commands on the Azure AD Connect server:

Import-Module ADSync

Disable-ADSyncExportDeletionThreshold

Then supply global admin credentials for your Azure AD/Office 365 tenant.

You can get more information here.

If you do disable your deletion threshold completely, remember to re-enable it once the export has finished by running:

Import-Module ADSync

Enable-ADSyncExportDeletionThreshold
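
The disable, export, and re-enable steps above can be wrapped in one script so the safeguard is restored even if the export fails; this is an added example, not code from the original post. It assumes an Azure AD Connect build with the built-in scheduler (`Start-ADSyncSyncCycle`, `Get-ADSyncScheduler`), that the deletes are already staged for export, and that 500 is the threshold to restore.

```powershell
# Added example: keep the deletion safeguard off only for the duration
# of one sync cycle, and restore it in a finally block.
Import-Module ADSync

# Assumption: restore the 500-object limit described in the post.
$threshold = 500

# Global admin credentials for the Azure AD / Office 365 tenant.
$aadCred = Get-Credential -Message 'Azure AD global admin'

# Show the current setting before changing anything.
Get-ADSyncExportDeletionThreshold -AADCredential $aadCred

Disable-ADSyncExportDeletionThreshold -AADCredential $aadCred
try {
    # Start a delta cycle; the cmdlet returns before the cycle completes.
    Start-ADSyncSyncCycle -PolicyType Delta | Out-Null

    # Give the scheduler a moment to mark the cycle as started,
    # then poll until it reports the cycle (including export) is done.
    Start-Sleep -Seconds 10
    while ((Get-ADSyncScheduler).SyncCycleInProgress) {
        Start-Sleep -Seconds 15
    }
}
finally {
    # Runs on success, on error, and on Ctrl+C: the threshold is never left off.
    Enable-ADSyncExportDeletionThreshold -DeletionThreshold $threshold -AADCredential $aadCred

    # Confirm the safeguard is active again.
    Get-ADSyncExportDeletionThreshold -AADCredential $aadCred
}
```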

Hopefully this will save you some time when you run into this issue in your environments.
