One of my clients mentioned that he follows people in the newsfeed who weren’t employed any more.
Occasionally we disable the this kind of users in the Active Directory but don’t delete them.
It seems that DirSync doesn’t filter disabled accounts.
To change that open the Synchronization Service Manager and navigate to > Management Agents > [your connector] > Configure Connect Filter.
Now we are going to add a new attribute filter for the account control attribute.
- Select user as Data Source Object Type.
- Click on New.
- Select userAccountControl for Data source attribute
- Operator is Equal.
- Set value 0x202.
- Add the new condition and finish with OK.
Finally run a full sync with PowerShell.
Add-PSSnapin Coexistence-Configuration Start-OnlineCoexistenceSync -FullSync
There shouldn’t be any disabled users in your azure directory any more.