Accidental deletions can have a huge negative impact on your environment, especially if they are synchronized to your Azure Active Directory.
One indicator for accidental deletions is a high number of staged deletions.
To minimize the impact of accidental deletions, the Directory Sync tool provides you with a feature that enables you to set a threshold for staged deletions.
If the number of staged deletions exceeds your configured threshold, the Directory Sync tool considers the staged deletions to be accidental or unwanted deletions.
In this case, none of the staged deletions in that processing cycle are synchronized to Azure Active Directory.
The objective of this article is to explain how to manage this feature.
To enable the feature, you can use the directory synchronization Windows PowerShell cmdlet.
The cmdlet is installed when you install the Directory Sync tool.
To enable prevention of accidental deletes, perform the following steps:
Set-PreventAccidentalDeletes -Enable -ObjectDeletionThreshold <Integer>
When the total number of deletes planned for a sync cycle is more than the ObjectDeletionThreshold value that you have set, you receive an email.
You can look at all the pending deletes that were prevented from syncing by performing the following steps:
By default, it is located here: %programfiles%\Windows Azure Active Directory Sync\SYNCBUS\Synchronization Service\UIShell (the location depends on the version you have installed).
The objects that have been suppressed for deletion will appear.
If all the deletes in the above list are desired, then use the following steps to disable the threshold:
If the deletes are not desired, then perform an authoritative restore of the items.