Stopped deletion threshold exceeded – Azure AD Connect
Azure AD Connect stopped syncing to Azure AD. In Azure AD Connect Synchronization Service Manager, the sync shows the status stopped-deletion-threshold-exceeded. In this article, you will learn why this is happening and the solution for stopped deletion threshold exceeded.
Stopped deletion threshold exceeded
Start Azure AD Synchronization Service Manager. The status shows stopped-deletion-threshold-exceeded.
Why are we getting this error, and what is the solution for stopped-deletion-threshold-exceeded?
Get Azure AD synchronization export deletion threshold
Run PowerShell as administrator. Run the Get-ADSyncExportDeletionThreshold cmdlet to check both values, DeletionPrevention and ThresholdCount.
- DeletionPrevention is 1 (enabled)
- ThresholdCount is 500 (the default number of AD objects)
PS C:\> Get-ADSyncExportDeletionThreshold
DeletionPrevention ThresholdPercentage ThresholdCount
------------------ ------------------- --------------
1 0 500
Microsoft created the AD sync export deletion threshold feature to protect customers from accidental Azure AD Connect configuration changes and changes to the local Active Directory that affect more than 500 AD objects.
Solution for stopped deletion threshold exceeded
The solution for stopped-deletion-threshold-exceeded is to disable the export deletion threshold with PowerShell. After that, force an Azure AD Connect sync and verify that the export succeeds without errors. Lastly, revert the change to the default for protection. Let’s have a look at it step by step.
Step 1: Disable Azure AD Connect sync export deletion threshold
Disable Azure AD Connect sync export deletion threshold with the Disable-ADSyncExportDeletionThreshold cmdlet.
PS C:\> Disable-ADSyncExportDeletionThreshold
DeletionPrevention ThresholdPercentage ThresholdCount
------------------ ------------------- --------------
0 0 500
Step 2: Force sync Azure AD Connect
Force sync Azure AD Connect with PowerShell. The initial sync will do a full sync from AD on-premises to Azure AD. Remember that the initial sync can take more time.
PS C:\> Start-ADSyncSyncCycle -PolicyType Initial
Step 3: Verify Synchronization Service status
In Synchronization Service Manager, check that the export status shows as success. In our example, the export deleted 5069 AD objects.
Step 4: Enable Azure AD Connect sync export deletion threshold
Revert the change to protect AD objects from accidental removal. The default is 500 AD objects.
PS C:\> Enable-ADSyncExportDeletionThreshold -DeletionThreshold 500
DeletionPrevention ThresholdPercentage ThresholdCount
------------------ ------------------- --------------
1 0 500
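Steps 1 to 4 combined into one PowerShell function, as an added example that is not the article's own code: it waits for the sync cycle to end and restores the threshold in a finally block, so the protection comes back even if the sync fails. It assumes the SyncCycleInProgress property of Get-ADSyncScheduler; the function name and the polling interval are hypothetical.

```powershell
# Added example, not the article's own script. Run in an elevated PowerShell
# session on the Azure AD Connect server, and only after confirming that the
# pending deletions are intended.
Import-Module ADSync

function Invoke-SyncWithThresholdDisabled {
    [CmdletBinding()]
    param(
        [int]$PollSeconds = 30   # assumption: polling interval, adjust as needed
    )

    # Remember the current setting so the same value is restored afterwards.
    $before = Get-ADSyncExportDeletionThreshold
    Write-Host "Current: DeletionPrevention=$($before.DeletionPrevention) ThresholdCount=$($before.ThresholdCount)"

    # Do not start while another cycle is running.
    if ((Get-ADSyncScheduler).SyncCycleInProgress) {
        throw 'A sync cycle is already in progress. Wait for it to finish and try again.'
    }

    try {
        # Step 1: disable the export deletion threshold.
        Disable-ADSyncExportDeletionThreshold | Out-Null

        # Step 2: start the initial (full) sync cycle. The cmdlet returns
        # before the cycle finishes, so poll the scheduler until it is done.
        # Re-enabling the threshold too early would block the export again.
        Start-ADSyncSyncCycle -PolicyType Initial | Out-Null
        Start-Sleep -Seconds $PollSeconds
        while ((Get-ADSyncScheduler).SyncCycleInProgress) {
            Write-Host 'Sync cycle in progress...'
            Start-Sleep -Seconds $PollSeconds
        }
    }
    finally {
        # Step 4: always restore the protection, even if the sync failed.
        if ($before.DeletionPrevention -eq 1) {
            Enable-ADSyncExportDeletionThreshold -DeletionThreshold $before.ThresholdCount
        }
    }
    # Step 3 stays manual: confirm the export status in Synchronization Service Manager.
}

Invoke-SyncWithThresholdDisabled
```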
Did this help you to get Azure AD synchronization working again?
Conclusion
You learned why you see the status stopped-deletion-threshold-exceeded in Azure AD Connect. The solution to this problem is disabling AD sync export deletion threshold in Azure AD Connect. After that, Azure AD Connect synchronization will run without errors.
Great Article, Helped me solve this issue in my environment.
Thank you very much Ali.
thanks for the article.
Thanks a lot Ali. Your articles are gold. Everything is very clear and simple.
Thank you!
that was very helpful
Thanks for the post. But I got this error while I have deleted only 84 users. Deletion threshold is 500 for my domain. Do you know what happened?
Thanks
Thanks. It is the second time in a week I follow one of your guides!
Ali,
Thank you for the explanation. I was looking for this information on MS, but it is so confusing…
Excellent article!