How to Exempt an Account in AD and Azure AD Sync

Situation – How to exempt an account in Active Directory (AD) and Azure Active Directory (Azure AD) Sync
Solution – Follow the steps below under User Management – Import & Sync, choosing either AD sync or Azure AD sync

Overview

AD and/or Azure AD is the source of truth. Whatever the status is in AD or Azure AD, it should be similar in Spambrella. Office 365 syncs with AD and Azure AD, but does not tell Proofpoint Essentials what to do with the account. To ignore what AD and Azure say, we must exempt the account.

Exempt An Account

Both user accounts and functional accounts may need to be exempted.

If you are getting repeated notifications about the same user, you can exempt them. Before exempting the account, you should check if the user's email address is listed in multiple locations and switch between primary and alias addresses.

New: User Mass Update – Exempt from Sync

We have improved the experience for managing user sync exemptions by allowing admins to add users to the sync exemption list directly from the User Management – Users page. Select the user accounts you wish to update by checking the boxes to the left of the name(s), and then click the Mass Update button.

Then click the Update Users button. If you check your Azure summary, you will now find the account(s) in the exempted area.

AD Sync – Manual Way (Old Way)

1. Go to Administration > User Management > Import & Sync > Active Directory Sync

2. Temporarily change the Sync Frequency to Never. (This stops unwanted syncing during these steps.) 

3. Click on Search now (AD) or Save and Run Sync Now (Azure).

4. In the AD or Azure Sync summary, find the account(s) in the adding area. (This screen is the same in both AD and Azure.)

If the accounts are listed in that area, select the check box to the left of the name(s), then on the right side click Exempt from Sync for a single account or Exempt Selected for multiple accounts.

5. If the account(s) are marked as a User account instead of a Functional account, follow this article to convert them to a Functional Account: Adding Functional Accounts Manually

6. Once that is done, you will find the account(s) in the deleting area. This is because AD or Azure AD still sees this as a user account. Expand the Deleting area, check the box(es), and select either Exempt From Sync for a single account or Exempt Selected for multiple accounts.

7. Remember to change the Sync Frequency back to the desired interval.

8. Save your changes. 

Once you mark an account Exempt, it will no longer sync on a scheduled AD or Azure sync. It will remain in that state until you delete the account or change the status back to Add to Sync. The account will then follow whatever the AD system says.

Additional Reading:

Manual AD Sync – “The procedure seems to have been successful”

Azure Active Directory Sync Guide – New API Version