Tuesday, April 8, 2014

DirSync and Azure Active Directory Object Limits

Since May 2012, all customers of Azure Active Directory and Office 365 have had a default limit of 50,000 objects (users, mail-enabled contacts and groups).
This limit determines how many objects can be created in a tenant using DirSync, PowerShell, the Graph API or manually.

What some administrators are not aware of is that when the first domain is verified, this object limit is automatically increased to 300,000 objects (each tenant is only granted one increase).

As before, if you have verified a domain and need to synchronize more than 300,000 objects OR you do not have any domains to verify and need to synchronize more than 50,000 objects, you will need to contact Azure Active Directory Support to request an increase to your object quota limit.

Also, please note that objects that were once present in your on-premises Active Directory, synchronized to Azure AD via DirSync and then deleted, may still contribute towards your Azure AD object limit for a period of up to 30 days. If the sum of these deleted objects and the remaining active objects is greater than your object limit, you may continue to receive notifications informing you that you have exceeded your object limit even though the object no longer appears in the on-premises AD or in the Azure AD directory. You can clear these by running:
Get-MsolUser -ReturnDeletedUsers -All | Remove-MsolUser -RemoveFromRecycleBin -Force
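Removing users from the recycle bin is permanent, so it helps to see how close the tenant is to its limit and to record which deleted users would be purged before running the command. The script below is an added example, not part of the original post: the function names and the CSV file name are hypothetical, it assumes the MSOnline module is loaded and Connect-MsolService has already been run, and the client-side count is only an approximation of what the service counts.

```powershell
# Added example (not from the original post). Assumes Connect-MsolService has been run.
function Get-TenantObjectUsage {
    param(
        # 300,000 once the first domain is verified, 50,000 otherwise (figures from the post).
        [int]$ObjectLimit = 300000
    )

    # The post counts users, mail-enabled contacts and groups towards the limit.
    $users    = @(Get-MsolUser -All)
    $contacts = @(Get-MsolContact -All)
    $groups   = @(Get-MsolGroup -All)
    # Deleted users can keep counting towards the limit for up to 30 days.
    $deleted  = @(Get-MsolUser -ReturnDeletedUsers -All)

    $active = $users.Count + $contacts.Count + $groups.Count
    $total  = $active + $deleted.Count

    [pscustomobject]@{
        Users            = $users.Count
        Contacts         = $contacts.Count
        Groups           = $groups.Count
        DeletedUsers     = $deleted.Count
        ActiveTotal      = $active
        TotalWithDeleted = $total
        ObjectLimit      = $ObjectLimit
        PercentUsed      = [math]::Round(100 * $total / $ObjectLimit, 1)
        OverLimit        = ($total -gt $ObjectLimit)
    }
}

# Lists what a recycle-bin purge would permanently remove, oldest deletions first.
function Get-DeletedUserReview {
    Get-MsolUser -ReturnDeletedUsers -All |
        Sort-Object SoftDeletionTimestamp |
        Select-Object UserPrincipalName, ObjectId, SoftDeletionTimestamp
}

Get-TenantObjectUsage

# Keep a record of the deleted users before any purge (hypothetical file name).
Get-DeletedUserReview |
    Export-Csv -Path .\deleted-users-before-purge.csv -NoTypeInformation
```

If ActiveTotal alone is already above the limit, purging the recycle bin will not clear the notifications and a quota increase is still needed.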

Despite this 300,000 object limit, it is still recommended to run DirSync on a full installation of SQL Server if you plan to synchronize more than 50,000 objects.
