While deleting an orphaned user from O365, I got the error Couldn’t delete this user because the account is synchronized with your on-premises servers. You can delete the user from your on-premises server.
As per Microsoft, this issue may occur if one of the following conditions are true :-
- Case 1 – The on-premises AD DS is no longer available. Therefore, you can’t manage or delete the object from the on-premises environment.
- Case 2 – You deleted an object from the on-premises AD DS. However, the object wasn’t deleted from your cloud service organization. This is unexpected behavior.
I wanted to remove objects that were created through directory synchronization from Azure Active Directory (Azure AD). But the fact is you can’t remove the orphaned user account by using the Microsoft cloud service portal in Office 365, Azure, or Microsoft Intune or by using Windows PowerShell.
Couldn’t Delete this user because the account is synchronized with your on-premises servers
To fix “Couldn’t delete this user because the account is synchronized with your on-premises servers” issue, perform the below steps.
Step 1 – Install the Azure Active Directory Module for Windows PowerShell
First of all to manage users and organization settings in Office 365 via PowerShell, you need to install the Azure Active Directory PowerShell Module. This can be installed using PowerShell.
Right-click Windows PowerShell and choose Run as administrator. Type the below command and press Enter.
Install-Module -Name MSOnlineType Y to install and import the NuGet provider. Next, type Y again to trust the repository.
Step 2 – Connect to Azure AD
After you install the Azure AD module, you can now connect to Azure AD using the command.
Connect-MsolServiceWhen you enter this command, you get a sign in box. Type your Office 365 admin credentials and connect to Azure Active Directory via PowerShell.
Step 3 – Disable Directory Synchronization
In this step using the below command, disable directory synchronization.
Set-MsolDirSyncEnabled –EnableDirSync $falseWhen you enter the above command, confirm the operation by typing Y.
Step 4 – Check Directory Synchronization Status
You can find the directory sync status using the below command.
(Get-MSOLCompanyInformation).DirectorySynchronizationEnabledContinue to run this cmdlet periodically until it returns False, and then go to the next step.
Step 5 – Delete the orphaned object
After you perform Step 4, don’t expect that you can delete the orphaned user object quickly. That’s because it may take 72 hours for deactivation. In my lab it took around 2 minutes and I could delete the orphaned object.
Now try to delete user object by using Windows PowerShell or by using the cloud service portal and it should work. Congratulations we have successfully fixed “Couldn’t delete this user because the account is synchronized with your on-premises servers” issue.
Finally to re-enable directory synchronization, run the following cmdlet :-
Set-MsolDirSyncEnabled -EnableDirSync $true
Thanks, had a user I couldn’t delete and it would send a bounce to anyone who sent an all staff email. This sorted it!
Had this same problem and eventually, I realized I just had to go into the Azure AD part and click delete the user and it deleted.
Thank You Very Much
Worked fine. Excellent Post.
Beware:
I tried this and found it not to be a 3 second task. the change each way can take upto 72 hours each way.
https://docs.microsoft.com/en-us/office365/troubleshoot/active-directory/pending-state-issue-with-directory-synchronization
You need to wait until ‘(Get-MSOLCompanyInformation).DirectorySynchronizationStatus’ stops returning the value of ‘PendingDisabled’
If it still says ‘PendingDisabled’ then ‘Set-MsolDirSyncEnabled -EnableDirSync $true’ will error. “Set-MsolDirSyncEnabled : You cannot turn off Active Directory synchronization.”
Awesome stuff. Thank you
fantastic , it works. thank you