Delete on-prem AD user but retain Azure AD user


  • Here is the situation:

    We use Azure AD Connect for our hybrid environment.  We have a need to get rid of a lot of users on our on-prem AD environment but retain their users in the cloud.  These are remote users that rarely touch our domain controller and we'd like them to be able to manage their own passwords.  Before anyone suggests it, we don't want to implement password writeback with Azure AD Premium.

    I've been trying to accomplish this using some instructions that somebody scraped together in 2016 and they look like this:

    1. Delete the user in AD (or move them to an OU that doesn't sync to Azure AD)

    2. Refresh the schema in Azure AD Connect

    3. Force a delta sync

    4. Restore the user from the deleted users category in the 365 Admin Center

    5. Force another delta sync

    The problem is that on the step 5 delta sync, we get the error "exported-change-not-reimported" on the delta import step of the cloud connector and the user gets deleted again.

    Does anyone know how to do what I'm trying to accomplish?  I can't seem to find a way to do it and google searching only turns up the process I just described (which doesn't work).



    Thursday, April 20, 2017 6:12 PM
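The five-step procedure in the question, written out as a PowerShell script with the checks a practitioner would want between the steps. This is an added example, not code from the thread or from Microsoft; it uses the ActiveDirectory, ADSync and MSOnline cmdlets that exist as of this era and assumes they are run on the Azure AD Connect server with an open Connect-MsolService session. The OU name and UPN are placeholders. The script also tries clearing the cloud object's ImmutableId after the restore, which is the usual way a synced object is turned into a cloud-only one (a non-null ImmutableId is what marks the object as directory-synced); whether that is what fixes the "exported-change-not-reimported" error in the poster's environment is an assumption the page itself does not confirm, so the call is wrapped and its result reported rather than assumed.

```powershell
# Added example, not from the original post. Assumptions: ActiveDirectory, ADSync and
# MSOnline modules are installed on the Azure AD Connect server, Connect-MsolService
# has already been run, and $UnsyncedOU is an OU that is filtered out of synchronisation.
param(
    [Parameter(Mandatory)] [string] $UserPrincipalName,                       # e.g. jdoe@corp.example (placeholder)
    [string] $UnsyncedOU = "OU=NoSync,DC=corp,DC=example"                      # placeholder OU excluded from sync
)

Import-Module ActiveDirectory
Import-Module ADSync
Import-Module MSOnline

function Wait-ADSyncIdle {
    # Start-ADSyncSyncCycle refuses to start while a cycle is running, so poll the scheduler first.
    while ((Get-ADSyncScheduler).SyncCycleInProgress) { Start-Sleep -Seconds 10 }
}

function Invoke-DeltaSync {
    Wait-ADSyncIdle
    Start-ADSyncSyncCycle -PolicyType Delta | Out-Null
    Start-Sleep -Seconds 15          # give the cycle time to register as running
    Wait-ADSyncIdle
}

function Show-CloudUser([string] $Upn, [string] $Label) {
    # ImmutableId and LastDirSyncTime are the two fields that tell you whether the
    # cloud object is still considered directory-synced.
    $u = Get-MsolUser -UserPrincipalName $Upn -ErrorAction SilentlyContinue
    if ($null -eq $u) { Write-Host "[$Label] $Upn not found as an active cloud user"; return }
    Write-Host ("[{0}] {1}: ImmutableId={2} LastDirSyncTime={3}" -f $Label, $Upn, $u.ImmutableId, $u.LastDirSyncTime)
}

# Step 1: move rather than delete, so the on-prem account can be restored if the cloud side goes wrong.
$adUser = Get-ADUser -Filter { UserPrincipalName -eq $UserPrincipalName }
if ($null -eq $adUser) { throw "No on-prem user with UPN $UserPrincipalName" }
Show-CloudUser $UserPrincipalName "before"
Move-ADObject -Identity $adUser.DistinguishedName -TargetPath $UnsyncedOU

# Step 2/3: delta sync; the cloud object should now land in the deleted users container.
Invoke-DeltaSync
$deleted = Get-MsolUser -ReturnDeletedUsers -UserPrincipalName $UserPrincipalName -ErrorAction SilentlyContinue
if ($null -eq $deleted) { throw "Cloud user was not soft-deleted by the sync; check the OU filter and connector run status" }

# Step 4: restore the cloud object.
Restore-MsolUser -UserPrincipalName $UserPrincipalName
Show-CloudUser $UserPrincipalName "after restore"

# Assumption (not established by the thread): clearing ImmutableId converts the restored
# object to cloud-only so the next sync has no anchor to match and delete it against.
try {
    Set-MsolUser -UserPrincipalName $UserPrincipalName -ImmutableId "$null" -ErrorAction Stop
    Write-Host "ImmutableId cleared"
} catch {
    Write-Warning "Could not clear ImmutableId: $($_.Exception.Message)"
}

# Step 5: second delta sync, then confirm the user survived it.
Invoke-DeltaSync
Get-ADSyncConnectorRunStatus | Format-Table -AutoSize    # any connector still mid-run shows here
Show-CloudUser $UserPrincipalName "after second sync"
$final = Get-MsolUser -UserPrincipalName $UserPrincipalName -ErrorAction SilentlyContinue
if ($null -eq $final) {
    Write-Warning "User was deleted again; on-prem account is still intact in $UnsyncedOU"
} elseif ($null -eq $final.ImmutableId) {
    Write-Host "OK: $UserPrincipalName is now a cloud-only user"
} else {
    Write-Warning "User exists but still carries an ImmutableId; it may be removed on a later sync"
}
```

Two points worth keeping in mind when running something like this. First, leave the on-prem account in the unsynced OU only until the cloud object has survived a full sync cycle, then disable or delete it; an enabled, forgotten AD account that no longer corresponds to anything in the cloud is exactly the kind of stale credential that gets picked up in an internal pentest. Second, run the whole sequence against one test user before batching it, because once the second delta sync deletes the cloud object the mailbox and licence state come back only through the soft-delete window.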

All replies