This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(160, 39%, 25%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ESG%3C/text%3E%3C/svg%3E)
So here's the scenario i'm having. i installed the azure AD connect tool on my on prem DC. everything worked great except one item. I just did the default express install and of course that included my whole OU of the company. which in turned imported every user on that domain. I then followed these steps to correct my issue. customized it selected only OU's we want to sync to Azure AD from our on prem domain.
https://aidanfinn.com/?p=21171
I have forced replication in the azure AD sync tool via powershell, waited for almost 4 hours and users are still in azure AD that arent in the selected OU's we had selected. how do i got about getting those users out of azure AD that aren't in the OU's we only want synced from on premi AD. Thanks as always for any help.
Have you forced a full or delta sync from on prem to aad after your custom configuration of aad connect?
After a full sync you could remove the aad object with the powershell cmdlets mentioned in your link, I think.
This is now resolved.
Csuttirp you def had one part which helped right full sync
so heres what i had to do from this article
https://www.reddit.com/r/Office365/comments/b9ousl/removed_a_ou_from_ad_sync_how_long_till_the_users/
steps
since i had over 500 objects had disable this threshold Disable-ADSyncExportDeletionThreshold
then ran full sync
Start-AdSyncSyncCycle -PolicyType Initial
and everything synced up correctly..