When you delete user accounts from Office 365 (and thus Azure Active Directory), these accounts are not permanently deleted; they are kept in a Deleted Users container for 30 days. This is true not only for cloud users that are deleted in the Microsoft Online Portal, but also for synced users that are deleted in your on-premises Active Directory.
Although you can see the deleted users in the Microsoft Online Portal, there’s no way to permanently delete them here.
The solution is to use the Azure Active Directory Module for PowerShell. Using PowerShell you can permanently delete these user accounts.
To retrieve a list of all users in the Deleted Users container, open Azure Active Directory PowerShell and execute the following command:
To permanently remove these user accounts you can use the same command, but pipe the output of the command into the Remove-MsolUser -RemoveFromRecycleBin command. You can add the -Force option to bypass the confirmation of each user deletion (i.e. the ‘Are you sure? Yes[y], No[n]’ message).
Now when you execute the Get-MsolUser -ReturnDeletedUsers command you’ll see that all users are permanently removed.
Please be careful, once permanently removed there’s no way to restore the user accounts!
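Because the purge cannot be undone, the following added example (not code from the original post) goes one step further than the pipeline described above: it writes the contents of the Deleted Users container to a CSV file first and then purges only the accounts on an explicit approval list. The approval list, the sample UPN and the CSV path are assumptions made for illustration.

```powershell
# Added example. Assumes the Azure Active Directory Module for PowerShell (MSOnline)
# is installed and the signed-in account is allowed to manage users.

# Hypothetical inputs: the accounts approved for permanent removal (constructed
# sample value) and the location of the audit file.
$ApprovedUpns = @('former.employee@example.com')
$AuditPath    = ".\deleted-users-$(Get-Date -Format 'yyyyMMdd-HHmmss').csv"

Connect-MsolService -Credential (Get-Credential)

# 1. Snapshot the Deleted Users container before touching anything, so there is
#    a record of what existed and when each account was soft-deleted.
$deleted = Get-MsolUser -ReturnDeletedUsers -All
$deleted |
    Select-Object UserPrincipalName, DisplayName, ObjectId, SoftDeletionTimestamp |
    Export-Csv -Path $AuditPath -NoTypeInformation -Encoding UTF8

# 2. Keep only the deleted accounts that are on the approval list, and report
#    approved names that are not in the container (typo, or already purged).
$toPurge = $deleted | Where-Object { $ApprovedUpns -contains $_.UserPrincipalName }
$missing = $ApprovedUpns | Where-Object { $deleted.UserPrincipalName -notcontains $_ }
foreach ($upn in $missing) {
    Write-Warning "Approved account not found in Deleted Users: $upn"
}

# 3. Purge by ObjectId, which identifies exactly one directory object.
#    -Force suppresses the per-user confirmation prompt.
foreach ($user in $toPurge) {
    Remove-MsolUser -ObjectId $user.ObjectId -RemoveFromRecycleBin -Force
    Write-Output "Purged $($user.UserPrincipalName) ($($user.ObjectId))"
}

# 4. Verify: none of the approved accounts should still be in the container.
$remaining = Get-MsolUser -ReturnDeletedUsers -All |
    Where-Object { $ApprovedUpns -contains $_.UserPrincipalName }
if ($remaining) {
    Write-Warning "Still present: $($remaining.UserPrincipalName -join ', ')"
} else {
    Write-Output "All approved accounts permanently removed. Audit file: $AuditPath"
}
```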
The Microsoft Directory Synchronization has been available in a variety of versions and names:
- DirSync (the original).
- Azure Active Directory Sync (AADSync).
- Azure Active Directory Connect (AADConnect).
Each version of the tool had a number of releases. For the original DirSync, for example, there were 14 different releases, as can be seen here. Similar information for AADSync (5 releases) can be found here, and for AADConnect (12 releases) you can find it here.
In my test environment (Exchange hybrid) I’m currently running AADSync 1.0.491.413. Since the current version (as of March 2016) is AADConnect 126.96.36.199, it’s time to upgrade.
When upgrading from a previous version there are two options:
- In-place upgrade – this is the recommended way if the upgrade takes less than three hours.
- Parallel upgrade – this is the recommended way if the upgrade takes more than three hours.
Why three hours? The Directory Synchronization runs every three hours. It is also estimated that if you have more than 50,000 objects to synchronize, the upgrade will take more than 3 hours.
Office 365 is just one part of the Microsoft Online Services and you can use the Microsoft Online Portal to manage your Office 365 environment as you’ve seen in my previous blog posts.
Microsoft Azure is another part of the Microsoft Online Services. In Microsoft Azure you can use all kinds of services, servers, virtual machines and… Azure Active Directory.
The portal for Windows Azure can be found at http://manage.windowsazure.com, but when you try to log on using your tenant admin account (the one you’re using for Office 365 as well) you’ll get a warning that no subscriptions are found. This makes sense because there’s only an Office 365 subscription tied to this account.
The core components of Office 365 are Exchange Online, Lync Online and SharePoint Online. All of them run on top of Windows Azure Active Directory, as shown in the following figure:
All services can be managed from the Microsoft Online Portal. When logged on to the portal you can select the various services under Admin in the navigation pane. It is also possible to manage Office 365 using PowerShell, but all services require a different approach or module.
Managing Windows Azure Active Directory using PowerShell
To manage Windows Azure Active Directory with PowerShell you have to install the Azure Active Directory Module for Windows PowerShell (64-bit version), but before you can use this you also have to install the Microsoft Online Services Sign-In Assistant.
When creating user accounts and mailboxes in Office 365 the default Microsoft password policy is applied, which means you have to change your password every 90 days.
While it is a best practice to change your password on a regular basis, not every customer is too happy with this. I can think of one exception, and that’s a service account; here it makes sense to have the password set to never expire.
To change this option for user accounts in Office 365 you have to use the Windows Azure Active Directory PowerShell module to connect to Office 365 using the following commands:
# Prompt for the tenant admin credentials, then connect to Office 365 (Azure AD)
$msolcred = Get-Credential
Connect-MsolService -Credential $msolcred