
Stopped deletion threshold exceeded – Azure AD Connect

Azure AD Connect stopped syncing to Azure AD. Looking in Azure AD Connect Synchronization Service Manager, the sync shows the status stopped-deletion-threshold-exceeded. In this article, you will learn why this is happening, and the solution for stopped deletion threshold exceeded.

Stopped deletion threshold exceeded

Start Azure AD Synchronization Service Manager. The status shows stopped-deletion-threshold-exceeded.

Stopped deletion threshold exceeded - Azure AD Connect before

Why are we getting this error, and what is the solution for stopped-deletion-threshold-exceeded?

Get Azure AD synchronization export deletion threshold

Run PowerShell as administrator. Run the Get-ADSyncExportDeletionThreshold cmdlet to check both the DeletionPrevention and ThresholdCount values.

  • DeletionPrevention is 1 (enabled)
  • ThresholdCount is 500 (the default number of AD objects)

PS C:\> Get-ADSyncExportDeletionThreshold

DeletionPrevention ThresholdPercentage ThresholdCount
------------------ ------------------- --------------
                 1                   0            500

Microsoft created the AD sync export deletion threshold feature to protect customers from accidental Azure AD Connect configuration changes and changes to local Active Directory that affect more than 500 AD objects.

Solution for stopped deletion threshold exceeded

The solution for stopped-deletion-threshold-exceeded is to disable the export deletion threshold with PowerShell. After that, force an Azure AD Connect sync and verify that the export succeeds without errors. Finally, revert the change to the default for protection. Let’s have a look at it step by step.

Step 1: Disable Azure AD Connect sync export deletion threshold

Disable the Azure AD Connect sync export deletion threshold with the Disable-ADSyncExportDeletionThreshold cmdlet.

PS C:\> Disable-ADSyncExportDeletionThreshold

DeletionPrevention ThresholdPercentage ThresholdCount
------------------ ------------------- --------------
                 0                   0            500

Step 2: Force sync Azure AD Connect

Force an Azure AD Connect sync with PowerShell. The initial sync will do a full sync from AD on-premises to Azure AD. Remember that an initial sync can take more time.

PS C:\> Start-ADSyncSyncCycle -PolicyType Initial

Step 3: Verify Synchronization Service status

In Synchronization Service Manager, check that the export status shows as success. In our example, the export deleted 5069 AD objects.

Stopped deletion threshold exceeded - Azure AD Connect after

Step 4: Enable Azure AD Connect sync export deletion threshold

Revert the change to protect AD objects from accidental removal. The default is 500 AD objects.

PS C:\> Enable-ADSyncExportDeletionThreshold -DeletionThreshold 500

DeletionPrevention ThresholdPercentage ThresholdCount
------------------ ------------------- --------------
                 1                   0            500
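
The four steps above as one script, written as an added example and not code from the original article: it records the current ThresholdCount and restores it in a finally block, so the protection comes back even if the sync fails or is interrupted. Wait-SyncCycle is a hypothetical helper; the script assumes Get-ADSyncScheduler reports SyncCycleInProgress and that the threshold cmdlets return the columns shown above as properties (they may prompt for Azure AD credentials).

```powershell
#Requires -RunAsAdministrator
# Added example: run on the Azure AD Connect server.
Import-Module ADSync

function Wait-SyncCycle {
    # Hypothetical helper: poll the scheduler until no sync cycle is running.
    param([int]$PollSeconds = 30)
    while ((Get-ADSyncScheduler).SyncCycleInProgress) {
        Start-Sleep -Seconds $PollSeconds
    }
}

# Record the current settings so the same values are restored afterwards.
$before = Get-ADSyncExportDeletionThreshold
if ($before.DeletionPrevention -ne 1) {
    throw 'Deletion prevention is already disabled; investigate before continuing.'
}

# Make the operator confirm that the pending deletions are expected.
$prompt = "More than $($before.ThresholdCount) deletions will be exported. Type YES to continue"
if ((Read-Host $prompt) -cne 'YES') { return }

Wait-SyncCycle                       # do not start while a cycle is in progress
try {
    Disable-ADSyncExportDeletionThreshold | Out-Null
    Start-ADSyncSyncCycle -PolicyType Initial | Out-Null
    Start-Sleep -Seconds 60          # give the scheduler time to pick up the request
    Wait-SyncCycle
}
finally {
    # Runs even if the sync fails or the script is interrupted.
    Enable-ADSyncExportDeletionThreshold -DeletionThreshold $before.ThresholdCount | Out-Null
}

# Confirm the protection is back before leaving the server.
$after = Get-ADSyncExportDeletionThreshold
if ($after.DeletionPrevention -ne 1 -or $after.ThresholdCount -ne $before.ThresholdCount) {
    Write-Warning 'Export deletion threshold was not restored; re-enable it manually.'
}
$after
```

The export result itself still has to be checked in Synchronization Service Manager as in Step 3; the script only guarantees that the threshold is restored.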

Did this help you fix Azure AD Connect being prevented from syncing?


Conclusion

In this article, you learned why you see the status stopped-deletion-threshold-exceeded in Azure AD Connect. The solution to this problem is disabling the AD sync export deletion threshold in Azure AD Connect. After that, Azure AD Connect synchronization will run without errors.


ALI TAJRAN

ALI TAJRAN is a passionate IT Architect, IT Consultant, and Microsoft Certified Trainer. He started Information Technology at a very young age, and his goal is to teach and inspire others.

This Post Has One Comment

  1. Ali,

    Thank you for the explanation. I was looking for this information on MS, but it is so confusing…

    Excellent article!
