
Purge a Directory Synchronised Office 365 Account and Resynchronise without Removing from AD

To purge an AD account synchronised with DirSync from Office 365 and resynchronise it, follow these steps:

1.    Fire up Windows Azure Active Directory for Windows PowerShell (Check out managing Office 365 through Azure PowerShell here).

2.    Run the following command to connect to the online service, remembering to substitute our friend Fakey McFakerson for your own admin credentials.

# CONNECT TO MICROSOFT ONLINE SERVICE (SUBSTITUTE ADMIN CREDENTIALS AS APPROPRIATE):
$cred = Get-Credential -Credential [email protected]
Connect-MsolService -Credential $cred

3.    Now we need to grab the user's Object ID. Once you have obtained it, copy and paste it somewhere safe, as you'll need it later.

# OBTAIN THE USER'S OBJECT ID (SUBSTITUTE THE UPN AS APPROPRIATE):
Get-MsolUser -UserPrincipalName [email protected] | fl *objectID*

4.    OK, now that we have the user's Object ID we can remove the account.

# REMOVE THE USER ACCOUNT (SUBSTITUTE THE UPN AS APPROPRIATE):
Remove-MsolUser -UserPrincipalName [email protected]

5.    With the account removed, we now need to purge it from the Office 365 Recycle Bin. This is where we use the Object ID obtained earlier. Run the following command to purge the user from the Recycle Bin.

# PURGE THE ACCOUNT FROM THE RECYCLE BIN (COPY AND PASTE THE OBJECT ID IN PLACE OF THE 'X's):
Remove-MsolUser -ObjectId xxxx-xxxx-xxxx-xxxx -RemoveFromRecycleBin

With the user accounts purged from Office 365, you need to run a Directory Synchronisation (unless you are happy to wait for the next scheduled run, which by default is every three hours).

6.   To force an immediate directory synchronisation, type the following into a Run window on the Directory Synchronisation server:

C:\Program Files\Microsoft Online Directory Sync\DirSyncConfigShell.psc1

This opens up a PowerShell window with the appropriate synchronisation commands pre-loaded.

7.   Type the following at the command prompt:

Start-OnlineCoexistenceSync

And that is it my friends, relatively quick and painless compared to the alternative of having to delete and recover an AD account or recreate from scratch. Remember to leave a comment or a like if this helps you out. Here is the code in a single block for you to copy and paste with greater ease…


# CONNECT TO MICROSOFT ONLINE SERVICE (SUBSTITUTE ADMIN CREDENTIALS AS APPROPRIATE):
$cred = Get-Credential -Credential [email protected]
Connect-MsolService -Credential $cred
# OBTAIN THE USER'S OBJECT ID (SUBSTITUTE THE UPN AS APPROPRIATE):
Get-MsolUser -UserPrincipalName [email protected] | fl *objectID*
# REMOVE THE USER ACCOUNT (SUBSTITUTE THE UPN AS APPROPRIATE):
Remove-MsolUser -UserPrincipalName [email protected]
# PURGE THE ACCOUNT FROM THE RECYCLE BIN (COPY AND PASTE THE OBJECT ID IN PLACE OF THE 'X's):
Remove-MsolUser -ObjectId xxxx-xxxx-xxxx-xxxx -RemoveFromRecycleBin
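If you would rather not copy and paste the Object ID by hand, here is an added example (not part of the original post) that wraps steps 3 to 5 in one function: it checks the account really is DirSync-managed before touching it, captures the Object ID itself, confirms the account landed in the Recycle Bin before purging, and supports -WhatIf. It assumes the MSOnline module is loaded and Connect-MsolService has already been run; the function name and the sample UPN are my own.

```powershell
# Added example: hard-delete one DirSync-managed user from Office 365 without
# copying the Object ID manually. Assumes Connect-MsolService has already run.
function Remove-SyncedMsolUserCompletely {
    [CmdletBinding(SupportsShouldProcess = $true, ConfirmImpact = 'High')]
    param(
        [Parameter(Mandatory = $true)]
        [string]$UserPrincipalName
    )

    $user = Get-MsolUser -UserPrincipalName $UserPrincipalName -ErrorAction Stop

    # Guard: only act on accounts mastered in on-premises AD. A cloud-only
    # account has no LastDirSyncTime and would NOT come back on the next sync.
    if (-not $user.LastDirSyncTime) {
        throw "$UserPrincipalName is cloud-only (no LastDirSyncTime); DirSync will not recreate it."
    }

    # Step 3: capture the Object ID programmatically instead of copy/paste.
    $objectId = $user.ObjectId
    Write-Verbose "ObjectId for $UserPrincipalName is $objectId (ImmutableId $($user.ImmutableId))"

    if ($PSCmdlet.ShouldProcess($UserPrincipalName, 'Delete and purge from Recycle Bin')) {
        # Step 4: soft delete. -Force suppresses the cmdlet's own prompt.
        Remove-MsolUser -UserPrincipalName $UserPrincipalName -Force

        # Verify the account is actually in the Recycle Bin before purging it.
        $deleted = Get-MsolUser -ObjectId $objectId -ReturnDeletedUsers -ErrorAction SilentlyContinue
        if (-not $deleted) {
            throw "$UserPrincipalName ($objectId) not found in the Recycle Bin after removal; not purging."
        }

        # Step 5: hard delete by Object ID so the next sync creates a fresh object.
        Remove-MsolUser -ObjectId $objectId -RemoveFromRecycleBin -Force
    }

    # Return the identifiers so the caller can log exactly what was purged.
    [pscustomobject]@{
        UserPrincipalName = $UserPrincipalName
        ObjectId          = $objectId
        ImmutableId       = $user.ImmutableId
    }
}

# Dry run first (sample UPN is a placeholder); drop -WhatIf for the real thing.
# Steps 6 and 7 (forcing the DirSync run) still have to be done on the sync server.
Remove-SyncedMsolUserCompletely -UserPrincipalName 'user@example.com' -WhatIf
```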


Join the discussion

  1. Kevin

    Great tip Wolfy 🙂
