Azure AD Connect is configured to perform automatic updates by default. When version 1.4.x.0 (in my case 1.4.18.0) is installed, device objects previously synced to Azure AD might be removed. Previous versions of Azure AD Connect synchronized devices that were not relevant. So, this release is cleaning them up.
For details, see:
In larger organizations, the number of devices deleted might be more than 500, which exceeds the deletion threshold. At this point, Azure AD Connect stops syncing. You might not notice it right away, but any new user accounts will not be synced up to Azure AD/Office 365.
In the Synchronization Service app, you will see a line with the status of:
stopped-deletion-threshold-exceeded
Before you attempt to fix the issue, you should verify that only device objects are affected and that this is not another accidental deletion issue. The steps for this from Microsoft are:
1. Start Synchronization Service from the Start Menu.
2. Go to Connectors.
3. Select the Connector with type Azure Active Directory.
4. Under Actions to the right, select Search Connector Space.
5. In the pop-up under Scope, select Disconnected Since and pick a time in the past. Click Search.

This page provides a view of all objects about to be deleted. By clicking each item, you can get additional information about the object. You can also click Column Setting to add additional attributes to be visible in the grid.
The fix for this issue is to allow the device deletes to occur by either increasing the threshold or disabling the threshold. You do this on your Azure AD Connect server using PowerShell.
To disable the threshold:
Disable-ADSyncExportDeletionThreshold
To increase the threshold:
Enable-ADSyncExportDeletionThreshold -DeletionThreshold 1000
To set the threshold back to default:
Enable-ADSyncExportDeletionThreshold -DeletionThreshold 500
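The three commands above can be chained so that the threshold is raised only for one sync cycle and is always put back, even if the cycle fails. This is an added example, not part of the original post or Microsoft's documentation; it assumes the ADSync module on the Azure AD Connect server, an elevated session, and that the pending deletes have already been verified as device objects.

```powershell
# Added example: raise the export deletion threshold for a single sync cycle,
# then restore the default. Run on the Azure AD Connect server, elevated.
Import-Module ADSync -ErrorAction Stop

$temporaryThreshold = 1000  # value used in this post; size it to the verified device count
$defaultThreshold   = 500   # default value given in this post

# Ask once for the Azure AD administrator credential and reuse it for every
# threshold cmdlet instead of answering a prompt each time.
$aadCredential = Get-Credential -Message 'Azure AD administrator account'

# Record the current setting before changing anything.
Write-Host 'Threshold before the change:'
Get-ADSyncExportDeletionThreshold -AADCredential $aadCredential | Format-List

try {
    Enable-ADSyncExportDeletionThreshold -DeletionThreshold $temporaryThreshold `
        -AADCredential $aadCredential -ErrorAction Stop | Out-Null

    # A delta cycle includes the export step that was blocked by the threshold.
    Start-ADSyncSyncCycle -PolicyType Delta -ErrorAction Stop | Out-Null

    # Give the scheduler a moment to start, then wait until the cycle is done.
    Start-Sleep -Seconds 15
    while ((Get-ADSyncScheduler).SyncCycleInProgress) {
        Start-Sleep -Seconds 15
    }
}
finally {
    # Runs on success and on failure, so the safety net is never left raised.
    Enable-ADSyncExportDeletionThreshold -DeletionThreshold $defaultThreshold `
        -AADCredential $aadCredential | Out-Null

    Write-Host 'Threshold after restore:'
    Get-ADSyncExportDeletionThreshold -AADCredential $aadCredential | Format-List
}
```

After it finishes, check the export run in the Synchronization Service app to confirm the status is no longer stopped-deletion-threshold-exceeded.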
The Microsoft documentation about the deletion threshold is here: