Skip to main content

Cleanup AD Dirsync Partitions

If you just installed DirSync and started a sync between your AD and the Azure AD (Office 365) you will notice that all sorts of crap has been transferred online.

Time for a clean-up!

First of all, create an OU, Users if not already. Then make 5 more OUs, Active Users, Disabled Users, Shared Resources, Distribution Groups, Security Groups. Then move the objects you have active in there. You need to have a tidy AD to do this right!

Then on you dirsync server go to : C:\Program Files\Windows Azure Active Directory Sync\SYNCBUS\Synchronization Service\UIShell\miisclient.exe and start the client.

On the Management Agents Tab, select the Active directory connector, then properties, Configure directory partitions. Then Containers.  Select the containers you made in previous steps, excluding Disabled users.

Now, next sync will be only for those partitions! Now time for the actual clean-up. We need to get rid of all the extra items that have been carried into our 365.

On the same screen, go under “Configure de-provisioning” and select “Stage a delete on the object for the next export run”

Open Regedit and browse to HKEY_LOCALMACHINE\Software\Microsoft\MSOLCoExistence. Modify theFullSyncNeeded registry entry to a value of 1, and then click OK. This value will be reset to 0 after a full synchronization is completed.

Force a sync using powershell  (Import-Module Dirsync, Start-OnlineCoexistenceSync)

 

You are done!

 

 

upggr

I am the one