With the Office 365 May update, one improvement is related to the Directory Synchronization tool which now include a feature to avoid mass deletion.
This feature can be important to limit the impact of administration mistakes, such as deleting the OU hosting all the user accounts.
To take advantage of this new feature, you must run the DirSync tool in version 6765.0006 or later.
Once you are running the correct version, just open the DirSyncConfigShell.psc1 (located below the %programfiles%\Windows Azure Active Directory Sync directory) (as usual, use the Run As Administrator ) and execute the following command Set-PreventAccidentalDeletes -Enable –ObjectDeletionThreshold <Integer> – replace Integer with the threshold value to stop the synchronization. If the number of item reach or is bigger than the threshold, you will receive a notification email.
You will be asked to enter your Office 365 administrative credential
The following message will be displayed after successfully applying the setting
PreventAccidentalDeletes was enabled for your company in Azure Active Directory
Then you will have to go to your DirSync server, open the console (miisclient.exe located %programfiles%\Windows Azure Active Directory Sync\SYNCBUS\Synchronization Service\UIShell) to check what happen. If you are happy with the deletion, just run Set-PreventAccidentalDeletes –Disable from the DirSyncConfigShell.psc1 and execute a full synchronization; if you are not happy, just restore the delete items from the directory.
Off course, if you have disabled the threshold to acknowledge a mass deletion, you will have to redefine the value after.
Here is a sample of the notification email
When disabling the option
Check the DirSync version
to check the version of DirSync you are currently running, just go the %programfiles%\Windows Azure Active Directory Sync directory, right click on the ConfigWizard.exe file and check the version