I ran into a problem recently with a customer running AAD Connect. When we were trying to Export to the Azure Active Directory, the status of the Connector Operations showed “stopped-server-down”.
At the same time, I was called by the technical contact who said he had received a strange email from MSOnlineServicesTeam with the following message:
At Thursday, 19 November 2015 13:58:10 GMT the Identity synchronization service detected that the number of deletions exceeded the configured deletion threshold for Company Name [tanantname.onmicrosoft.com]. A total of 789 objects were sent for deletion in this Identity synchronization run. This met or exceeded the configured deletion threshold value of 500 objects.
We need you to provide confirmation that these deletions should be processed before we will proceed.
We are currently completing the rollout of AAD Connect with the customer and helping them remove any erroneous accounts from the scope in order to keep numbers on Office 365 down. Hence the large number of deletions!
Despite the long winded and unclear errors, the solution to this problem is quite simple. You can either disable the threshold completely by running the following command, and provide credentials for a global admin account for Office 365 when prompted:
Alternatively you could change the threshold to allow your changes using the following command:
Enable-ADSyncExportDeletionThreshold -DeletionThreshold $number
If you do disable your deletion threshold completely, remember to re-enable the threshold again afterwards running:
Hopefully this will save you some time when you run in to this issue in your environments!
To have a look at my other blogs on a similar topic, you can see them here; AAD sync and connect – passwords not syncing with attribute filtering