web
You’re offline. This is a read only version of the page.
close
Skip to main content

Notifications

Announcements

No record found.

News and Announcements icon
Community site session details

Community site session details

Session Id :
Dynamics 365 Community / Forums / Customer experience | Sales, Customer Insights,... / Deleted users in Activ...
Customer experience | Sales, Customer Insights,...
Unanswered

Deleted users in Active Directory do not automatically get removed from D365

(0) ShareShare
ReportReport
Posted on by ggomez43 20

Hi All

I have two questions?

1. Why can't Active Directory deleted accounts be automatically removed from D365 application?

2. Other random accounts appear of users not using D365 appear in the application? How does the sync between AD/D365 work? Does it just sync all the OUs? 

Thank you in advance. 

I have the same question (0)
  • TD-28081737-0 Profile Picture
    TD-28081737-0 on at


    Hi ggomez43, 

    Question 1 - In D365 the users are never "deleted" by design. When deleting a user in AAD or in the O365 admin center it will just sync and disable the user in the D365 orgs in that tenant. It will also replace their previous upn with a upn prefaced by their previous object id and their object id will be removed. 

    As for question 2, I'm assuming you mean random accounts that are licensed users but may not be licensed with a D365 specific license. If these users are showing up as "enabled" in your application, the cause would be related to there not being  a security group in place for that environment. These user are automatically synced when created in AAD or in the O365 portal. If they are showing up as disabled, then their could be a number of reasons for that, including question #1 :)

    Hopefully this helps a bit

    Thanks

    TD

  • ggomez43 Profile Picture
    ggomez43 20 on at

    Hi 

    Question 1: What do you mean by " replace their previous upn with a upn prefaced by their previous object id and their object id will be removed" 

    In a scenario, I delete user@domain.com on-premise AD, syncs to AAD/O365. it will disabled the user in D365 and what happens to the UPN? 

    Question 2: Most are not licenses users and they also do not have a security group attached but are showing as enabled. The disabled users do not have a security role as they are disabled and not using D365 or have left the business

  • TD-28081737-0 Profile Picture
    TD-28081737-0 on at

    Hi again,

    I apologize as my initial response was related to D365 online where it is handled similar to what I was referring to. As I see by your follow up information, you were asking about an on-premise environment. 

    I believe this communities article/thread does indicate a little more to what you originally were asking with your first question.

    community.dynamics.com/.../how-to-delete-users-in-crm-that-were-deleted-in-active-directory



  • ggomez43 Profile Picture
    ggomez43 20 on at

    Hi

    No worries. Maybe I should have explained my environment better:

    My Environment:

    On-Premise AD

    On-Premise AAD Connect (AD objects sync to Azure AD/O365

    D365 cloud

    O365 cloud

    Going to explain my questions better, can you please answer again

    1.  In the scenarios below, how do D365 accounts get deleted? manually/automated?

        AD account in a synching OU in AD

        AD disabled account in a synching OU in AD

        AD account deleted

        AD account moved to a no sync OU in AD

    2.  AD accounts that never had D365 license, why are they showing up in D365?

  • ggomez43 Profile Picture
    ggomez43 20 on at

    Hi

    I was wondering if you had a chance to review my previous comment?

    thank you

  • ggomez43 Profile Picture
    ggomez43 20 on at

    Hi

    I was wondering if you can still support me on this ticket? I revise my questions and hopefully explained it better. 

  • TD-28081737-0 Profile Picture
    TD-28081737-0 on at

    Hi,

    I apologize for the delay as I was unavailable for a period of time.

    As for question 1, have you experienced any D365 accounts being deleted? I don't believe D365 accounts are ever deleted, only disabled.

    Question #2,

    Does this environment have a security group enabled? Otherwise I believe the user will show up in D365 accordingly, but without a security role assigned or license assigned, they will not have access.

    I hope this helps a little. Once again I apologize for the delay in my response.

  • TD-28081737-0 Profile Picture
    TD-28081737-0 on at

    Thank you

Under review

Thank you for your reply! To ensure a great experience for everyone, your content is awaiting approval by our Community Managers. Please check back later.

Helpful resources

Quick Links

Responsible AI policies

As AI tools become more common, we’re introducing a Responsible AI Use…

Neeraj Kumar – Community Spotlight

We are honored to recognize Neeraj Kumar as our Community Spotlight honoree for…

Congratulations to the November Top 10 Community Leaders!

These are the community rock stars!

Leaderboard > Customer experience | Sales, Customer Insights, CRM

#1
Tom_Gioielli Profile Picture

Tom_Gioielli 170 Super User 2025 Season 2

#2
#ManoVerse Profile Picture

#ManoVerse 61

#3
Gerardo Rentería García Profile Picture

Gerardo Rentería Ga... 52 Most Valuable Professional

Last 30 days Overall leaderboard

Featured topics

Hide selecting Contact for potential customer when creating quote

Product updates

Dynamics 365 release plans