Disable and revoke Azure AD tokens from expired AD users


If you have an on-premises environment and are starting to take advantage of the cloud, there is a lot to be aware of. One big thing to take notice of is that Azure AD does not respect the account-expired state in AD. When users sign in to Office 365 services outside of ADFS with cloud-native authentication, this becomes a huge problem: even though the user is expired in AD, they may still be able to sign in to your cloud services. Therefore, I have written a script that you should run on a daily schedule, which disables expired users in AD and revokes any Azure AD tokens the user might have.


Script here.
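The author's script is linked above rather than reproduced on the page. As an added illustration, not the author's code, the following PowerShell shows the same daily job: enumerate AD accounts whose expiry date has passed, disable the ones still enabled, and revoke the matching Azure AD user's refresh tokens and sign-in sessions via Microsoft Graph (the older AzureAD module's Revoke-AzureADUserAllRefreshToken did the same thing). It assumes the ActiveDirectory and Microsoft.Graph modules are installed, that the on-premises UPN matches the cloud UPN (no alternate login ID), and that the identity running Connect-MgGraph has consent for the User.ReadWrite.All scope; the optional $SearchBase parameter is this example's own.

```powershell
#Requires -Modules ActiveDirectory, Microsoft.Graph.Users, Microsoft.Graph.Users.Actions
[CmdletBinding(SupportsShouldProcess)]
param(
    # Optional OU to limit the AD search (assumption: you may not want the whole domain).
    [string]$SearchBase,
    # Disable in AD only; leave Azure AD sessions alone.
    [switch]$SkipRevoke
)

Import-Module ActiveDirectory

# Assumption: the scope below is enough for revokeSignInSessions in your tenant.
Connect-MgGraph -Scopes 'User.ReadWrite.All'

# Expired user accounts only; ignore ones that are already disabled so the
# job is idempotent and the log only shows real changes.
$searchParams = @{ AccountExpired = $true; UsersOnly = $true }
if ($SearchBase) { $searchParams.SearchBase = $SearchBase }
$expired = @(Search-ADAccount @searchParams | Where-Object { $_.Enabled })
Write-Verbose ("Found {0} expired, still-enabled AD user(s)" -f $expired.Count)

foreach ($user in $expired) {
    if ($PSCmdlet.ShouldProcess($user.SamAccountName, 'Disable AD account')) {
        Disable-ADAccount -Identity $user.DistinguishedName
    }

    $upn = $user.UserPrincipalName
    if ($SkipRevoke -or [string]::IsNullOrEmpty($upn)) { continue }

    # Assumption: on-prem UPN equals the cloud UPN. Escape single quotes for the OData filter.
    $filter = "userPrincipalName eq '{0}'" -f $upn.Replace("'", "''")
    $cloudUser = Get-MgUser -Filter $filter -ErrorAction SilentlyContinue
    if (-not $cloudUser) {
        Write-Warning "No Azure AD user found for $upn; nothing to revoke"
        continue
    }

    # Invalidates refresh tokens and session cookies, forcing re-authentication,
    # which the now-disabled (and expired) AD account can no longer complete.
    if ($PSCmdlet.ShouldProcess($upn, 'Revoke Azure AD sign-in sessions')) {
        Revoke-MgUserSignInSession -UserId $cloudUser.Id | Out-Null
    }
}

Disconnect-MgGraph | Out-Null
```

Run it once with -WhatIf and -Verbose from the scheduled-task account to confirm it only touches the accounts you expect. Note the caveat that revoking refresh tokens does not invalidate access tokens already issued; those keep working until they expire (about an hour by default), so the daily run narrows the window rather than closing it instantly, and the script should be paired with a disabled-state sync to Azure AD for the account itself.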
