In this post, I will explain how to remove users or groups from Azure AD that were synchronized into Azure AD (your tenant) but are left behind after removing Azure AD Connect – typically this is a lab scenario.
Almost every search result you will find discusses the scenario where you want to remove users/groups from Azure AD without removing Azure AD Connect. The solution to that is pretty simple:
- Create one or more OUs in the on-premises Active Directory (Azure AD Users & Groups). These OUs will be used to store objects that won’t be synchronized to Azure AD.
- Modify the sync configuration of Azure AD Connect to sync only required OUs – exempt your new OU(s).
- Move the unwanted objects to the new OU(s).
- Wait for the next Azure AD Connect sync cycle (every 30 minutes by default), or force it yourself.
The users/groups in the exempted OU(s) will automatically be removed from Azure AD.
But what about orphaned objects when Azure AD Connect has already been uninstalled/disconnected?
Removing Orphaned Synced Users/Groups
You are going to need Azure AD PowerShell to make this work. I tried it using the v1 cmdlets and it worked; I haven’t tried the v2 cmdlets, which might also work. Basically, you cannot do this in the Azure Portal, but you can do it using Azure AD PowerShell.
First I signed into Azure AD using a tenant administrator (global admin):
Then I queried my groups:
I removed the unwanted groups one at a time:
Get-MsolGroup -SearchString "DisplayNameOfGroup" | Remove-MsolGroup
I confirmed deletion using PowerShell – note that the Azure Portal will take a few minutes to realise that the groups were removed!
My example is done using groups, but the user version of the cmdlets should work too.
Remove-MsolUser -UserPrincipalName <userprincipalname>
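The steps above combined into one script, as an added example that is not the author's own code: it lists only groups that carry a directory-sync timestamp, matches each name exactly (`-SearchString` is a "starts with" match, so piping it straight into `Remove-MsolGroup` can delete more than one group), and confirms the result. The group names and the `$DryRun` variable are assumptions for illustration.

```powershell
# Added example; assumes the MSOnline (v1) module is installed.
Import-Module MSOnline
Connect-MsolService   # interactive sign-in as a tenant administrator

# Constructed placeholder names; replace with the orphaned groups in your tenant.
$GroupsToRemove = @('Lab-Finance', 'Lab-HR')
$DryRun = $true       # hypothetical switch: set to $false to actually delete

# Synced groups have LastDirSyncTime set; cloud-only groups do not,
# so filtering on it keeps cloud-only groups out of the candidate list.
$synced = @(Get-MsolGroup -All | Where-Object { $_.LastDirSyncTime })
$synced | Sort-Object DisplayName |
    Format-Table DisplayName, GroupType, LastDirSyncTime, ObjectId

foreach ($name in $GroupsToRemove) {
    # Exact DisplayName match instead of the prefix match done by -SearchString.
    $hits = @($synced | Where-Object { $_.DisplayName -eq $name })
    if ($hits.Count -ne 1) {
        Write-Warning "Skipping '$name': $($hits.Count) synced groups match."
        continue
    }
    if ($DryRun) {
        Write-Output "Would remove '$name' ($($hits[0].ObjectId))"
    } else {
        # Delete by ObjectId so the target is unambiguous.
        Remove-MsolGroup -ObjectId $hits[0].ObjectId -Force
        Write-Output "Removed '$name' ($($hits[0].ObjectId))"
    }
}

# Confirm deletion from PowerShell; the portal can lag behind by a few minutes.
$left = @(Get-MsolGroup -All |
    Where-Object { $_.LastDirSyncTime -and ($GroupsToRemove -contains $_.DisplayName) })
if ($left.Count -gt 0) {
    Write-Warning "Still present: $($left.DisplayName -join ', ')"
} else {
    Write-Output 'None of the listed synced groups remain.'
}
```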
One thought on “How To Remove Orphaned “Synced” Users/Groups From Azure AD”
Thanks for the solution, I searched for how to solve this problem for 2 days. It was actually very easy.