When dealing with users synchronized from on-premises Active Directory (AD) to Azure Active Directory (Azure AD) using Azure AD Connect, disabling a user directly via the Graph API won’t work as the changes will be overridden by the next sync. The most effective approach is to disable the user account in your on-premises Active Directory. This change will sync to Azure AD during the next synchronization cycle and disable the user there as well.
Alternatively, if you manage the on-premises AD, you can disable the account by setting its userAccountControl attribute. To exclude a specific user from synchronization altogether, you can configure Azure AD Connect to filter out that user based on specific attributes, though this requires modifying the Azure AD Connect configuration.
If you’ve disabled the user in on-premises AD, consider forcing a synchronization cycle using PowerShell with the command Start-ADSyncSyncCycle -PolicyType Delta. This makes your changes appear in Azure AD sooner than waiting for the next scheduled cycle. Finally, keep an eye on the synchronization status to ensure your updates have been applied successfully, and check the Azure AD Connect synchronization logs for any issues.
If you lack access to the on-premises AD or Azure AD Connect, it’s best to reach out to your IT department or the team responsible for managing Azure AD for assistance.
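The sequence described above (disable on-premises, force a delta sync, confirm the result in Azure AD) as an added example that is not part of the original text. It assumes an elevated session on the Azure AD Connect server with the ActiveDirectory, ADSync and Microsoft.Graph.Users modules available; the account name and UPN are constructed placeholders.

```powershell
# Added example. $Sam and $Upn are constructed placeholders, not values from the text.
# Assumption: runs on the Azure AD Connect server, with rights to edit the AD user.
Import-Module ActiveDirectory, ADSync

$Sam = 'jdoe'                       # constructed sAMAccountName
$Upn = 'jdoe@contoso.example'       # constructed user principal name

# 1. Disable the account at the source of authority (on-premises AD).
Disable-ADAccount -Identity $Sam
$adUser = Get-ADUser -Identity $Sam -Properties userAccountControl
if ($adUser.Enabled) {
    throw "On-premises account '$Sam' is still enabled; nothing to sync."
}
"On-premises: Enabled=$($adUser.Enabled) userAccountControl=$($adUser.userAccountControl)"

# 2. Start-ADSyncSyncCycle fails while another cycle is running, so wait first.
while ((Get-ADSyncScheduler).SyncCycleInProgress) { Start-Sleep -Seconds 10 }
Start-ADSyncSyncCycle -PolicyType Delta | Out-Null

# 3. Give the scheduler a moment to pick up the request, then wait for it to finish.
Start-Sleep -Seconds 15
while ((Get-ADSyncScheduler).SyncCycleInProgress) { Start-Sleep -Seconds 10 }

# 4. Poll the cloud object until it shows as disabled, or give up after 10 minutes.
Connect-MgGraph -Scopes 'User.Read.All'
$props    = 'AccountEnabled', 'OnPremisesSyncEnabled', 'OnPremisesLastSyncDateTime'
$deadline = (Get-Date).AddMinutes(10)
do {
    Start-Sleep -Seconds 20
    $cloud = Get-MgUser -UserId $Upn -Property $props
} while ($cloud.AccountEnabled -and (Get-Date) -lt $deadline)

# 5. Report the outcome; a still-enabled account means the sync logs need a look.
$cloud | Select-Object $props | Format-List
if ($cloud.AccountEnabled) {
    Write-Warning "Azure AD still shows '$Upn' as enabled. Check the Azure AD Connect synchronization logs."
}
```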