For whatever reason, I had an account in Azure AD that picked up the @foobar.onmicrosoft.com domain rather than the actual local domain. I suspect this happened because there was already an account manually created as a Global Admin so when the AD sync was happening, it could not create an account and defaulted to the onmicrosoft.com account.
In any case, you can delete the account on Azure AD without affecting the Local AD. After the deletion, sync back to Azure AD from the Local AD.
These are the steps:
Connect to Office365/ExchangeOnline
Set-ExecutionPolicy RemoteSigned
$LiveCred = Get-Credential
$Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://ps.outlook.com/powershell/ -Credential $LiveCred -Authentication Basic -AllowRedirection
Import-PSSession $Session -AllowClobber
Connect to MSOnline
Install-Module AzureAD
Install-Module MSOnline
Connect-MsolService -Credential $LiveCred
Get the User / Delete the User
Get-MsolUser -SearchString foouser
Get-MsolUser -ObjectId 33f85584-acde-4c23-aa00-d8ab654a258b
Remove-MsolUser -ObjectId 33f85584-acde-4c23-aa00-d8ab654a258b
Connect to AzureAD & Verify the Account Does not Exist
Connect-AzureAD -Credential $LiveCred
Get-AzureADUser
Get-AzureADUser -SearchString fooname
Permanently Delete
Go to Azure Active Directory > Users > Deleted Users
Select User
Permanently Delete
Sync from Local AD
Then sync back from the Local AD.
Connect directly to the system that has Azure AD Connect.
Check the schedule:
Get-ADSyncScheduler
Run the sync:
Start-ADSyncSyncCycle -PolicyType Delta
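The lookup, delete and permanent-delete steps above can be wrapped in one guarded function; this is an added example, not part of the original post. It assumes Connect-MsolService has already been run, uses Remove-MsolUser -RemoveFromRecycleBin in place of the portal step, and adds a Global Admin check; the function name and the -InitialDomain parameter are made up for the example.

```powershell
# Added example. Assumes Connect-MsolService has already succeeded in this session.
# Remove-StrayCloudUser and -InitialDomain are names made up for this example.
function Remove-StrayCloudUser {
    [CmdletBinding(SupportsShouldProcess, ConfirmImpact = 'High')]
    param(
        [Parameter(Mandatory)] [string] $SearchString,
        [Parameter(Mandatory)] [string] $InitialDomain   # e.g. foobar.onmicrosoft.com
    )

    # Only accounts whose UPN landed on the initial domain are candidates.
    $found = @(Get-MsolUser -SearchString $SearchString |
        Where-Object { $_.UserPrincipalName -like "*@$InitialDomain" })
    if ($found.Count -ne 1) {
        throw "Expected exactly 1 match for '$SearchString' on $InitialDomain, found $($found.Count)."
    }
    $user = $found[0]

    # Added guard: refuse to delete a Global Admin ("Company Administrator" in MSOnline).
    $role   = Get-MsolRole -RoleName 'Company Administrator'
    $admins = @(Get-MsolRoleMember -RoleObjectId $role.ObjectId)
    if ($admins.ObjectId -contains $user.ObjectId) {
        throw "$($user.UserPrincipalName) holds Global Admin; remove the role or pick another account."
    }

    # Emit the identifying fields before anything is changed.
    $user | Select-Object UserPrincipalName, ObjectId, ImmutableId, LastDirSyncTime

    if ($PSCmdlet.ShouldProcess($user.UserPrincipalName, 'Delete and purge from Azure AD')) {
        Remove-MsolUser -ObjectId $user.ObjectId -Force                        # soft delete
        Remove-MsolUser -ObjectId $user.ObjectId -RemoveFromRecycleBin -Force  # permanent delete

        # Verify: the object must be gone from both live and deleted users.
        $live = @(Get-MsolUser -All | Where-Object { $_.ObjectId -eq $user.ObjectId })
        $bin  = @(Get-MsolUser -All -ReturnDeletedUsers |
            Where-Object { $_.ObjectId -eq $user.ObjectId })
        if ($live.Count + $bin.Count -ne 0) {
            throw "ObjectId $($user.ObjectId) is still present; do not start the sync yet."
        }
    }
}

# Dry run first: shows the matched account and what would be deleted, changes nothing.
Remove-StrayCloudUser -SearchString foouser -InitialDomain foobar.onmicrosoft.com -WhatIf
```

Run it again without -WhatIf to perform the deletion, then continue with the sync from the Azure AD Connect server.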
Notes
Get-MsolUser and Get-AzureADUser are pretty much the same in that they return the same basic details. They differ in that they connect to different endpoints of the service, so the information is similar but presented differently.
In short, Get-MsolUser is the 'old way' and Get-AzureADUser is the 'new way.'
The problem is that the old way is easier to use and not everything is in the new way.