AADSync – Force Sync

When I first installed the new AADSync tool, I struggled to figure out how to force a synchronisation. In the first release of DirSync, you would use the following commands from an Administrative CMD prompt to force a sync:

cd "C:\Program Files\Microsoft Online Directory Sync"
Start-OnlineCoexistenceSync (optional: -FullSync)

Then DirSync was upgraded to version 6862.0000 and the process changed. First you opened a PowerShell prompt (as Administrator, of course) and then ran:

Import-Module DirSync
Start-OnlineCoexistenceSync (optional: -FullSync)

In the new AADSync tool, the process has again changed. There is now a task in Task Scheduler called Azure AD Sync Scheduler which controls the running of the AADSync tool. The FullSync parameter used to force a full synchronisation, but you now use the Initial parameter to do this. You can force a sync by opening an Administrative CMD prompt and running:

cd "C:\Program Files\Microsoft Azure AD Sync\Bin"
DirectorySyncClientCMD.exe delta (optional: initial)

Purge a user account from Office 365

Today I made a mistake and accidentally linked together a standalone Office 365 account with an account synchronised from Active Directory. The ‘in cloud’ user became linked to the AD account and became ‘synchronised with Active Directory’. This wouldn’t usually be a problem and is done by design if the two UPNs match each other. My main problem was that the ‘in cloud’ user already had a mailbox, and so did the user in AD. This leads to a split-brain scenario whereby both systems believe they are hosting the mailbox. As I was about to configure a Hybrid Deployment, this is not a good thing.

Luckily the Office 365 account did not hold any required information in Exchange Online or SharePoint/OneDrive. In order to clean up the objects I moved the affected user into an OU which was not being synchronised and then performed a delta sync. This moved the object in Office 365 into the Deleted Users container. A deleted user in Office 365 remains in this container for 30 days before it is removed; however, I did not have the luxury of waiting this long.

In order to purge the user account from Office 365 completely, I went into Office 365 PowerShell and ran the following command:

Remove-MsolUser -UserPrincipalName username@domain.com -RemoveFromRecycleBin -Force

This purges the item from the Deleted Users container. In Active Directory, I then moved the user object back into its original OU, and forced a sync. This provisioned a new user in Office 365. When applying the license to said user, I was correctly informed that the on premise mailbox had not been migrated to Exchange Online. Success!
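
Because a purge from the Deleted Users container cannot be undone, here is a guarded version of the purge step, added as an example and not part of the original post. It assumes the MSOnline module is installed and an admin sign-in is available; the script parameter and the confirmation prompt are illustrative choices.

```powershell
# Added example: purge exactly one soft-deleted user, with checks before and after.
# Assumption: the MSOnline module is installed and you can sign in as a tenant admin.
param(
    [Parameter(Mandatory = $true)]
    [string]$UserPrincipalName   # placeholder form: username@domain.com
)

Import-Module MSOnline
Connect-MsolService

# Search only the Deleted Users container, so a live account is never a candidate.
$deleted = @(Get-MsolUser -ReturnDeletedUsers -All |
    Where-Object { $_.UserPrincipalName -eq $UserPrincipalName })

if ($deleted.Count -eq 0) {
    throw "No deleted user named $UserPrincipalName. Has the delta sync finished?"
}
if ($deleted.Count -gt 1) {
    throw "Found $($deleted.Count) deleted objects named $UserPrincipalName; review them by ObjectId."
}

# Show what is about to be destroyed before asking for confirmation.
$user = $deleted[0]
$user | Format-List UserPrincipalName, ObjectId, SoftDeletionTimestamp, LastDirSyncTime | Out-Host

# The purge is irreversible, so require the UPN to be typed a second time.
$answer = Read-Host "Type the UPN again to purge this object permanently"
if ($answer -ne $UserPrincipalName) {
    throw "Confirmation did not match; nothing was removed."
}

# Purge by ObjectId so the object that was inspected is the object that is removed.
Remove-MsolUser -ObjectId $user.ObjectId -RemoveFromRecycleBin -Force

# Confirm the object has left the Deleted Users container before re-syncing from AD.
$left = @(Get-MsolUser -ReturnDeletedUsers -All |
    Where-Object { $_.ObjectId -eq $user.ObjectId })
if ($left.Count -ne 0) {
    throw "Object $($user.ObjectId) is still in the Deleted Users container."
}
Write-Output "Purged $UserPrincipalName ($($user.ObjectId))."
```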