Skip to main content
pc_9692
pc_9692
Participant
March 4, 2026
Answered

I can't remove users from Adobe Admin Console

  • March 4, 2026
  • 1 reply
  • 77 views

I have seen a similar quesiton asked, which is the same issue as me but I cannot find the Sync > Manually delete users. So I am asking again. I run a school and on accident every microsoft intune group got synced to my adobe admin console. I only need 2 of the groups so I am asking how do I remove the other 778 groups! I have tried via the bulk user update but it won’t  let me remove the groups. I have tried pausing the IdP sync and removing groups after but still no success. the squares next to the groups are all greyd out. Any ideas would be great thank you!

      Correct answer Anshul_Nautiyal

      Hi ​@pc_9692 

      Thank you for reaching out and for explaining your setup.

      Based on the information you shared, the behavior you are experiencing is expected when users and groups are synchronized from Microsoft Intune / Azure AD into the Adobe Admin Console. When an external Identity Provider (IdP) such as Azure AD is configured for directory synchronization, it becomes the source of truth for users and groups. 

      Even if directory synchronization is paused, Adobe continues to treat those objects as managed by the IdP, and manual changes in the Admin Console remain blocked to avoid inconsistencies between systems.

      To remove the unwanted groups, the changes must be made in the source directory (Azure AD / Intune) rather than directly in Adobe. You can review the directory connection in Admin Console → Settings → Identity → Directories and confirm which directory is linked to Azure AD. Then, in the Azure AD or Intune portal, navigate to Enterprise Applications, open the Adobe application used for provisioning, and go to Provisioning → Users and Groups. From there, remove the groups that should not be synchronized and keep only the groups that are required. Once the sync scope is updated, allow the next synchronization cycle to run. After the sync completes, the Admin Console will automatically update and reflect only the groups that remain in the sync scope.

      Check these docs: https://helpx.adobe.com/enterprise/using/add-azure-sync.html 

      https://learn.microsoft.com/en-us/entra/identity/saas-apps/adobe-identity-management-provisioning-saml-tutorial

      Regarding the “Enable editing” or “Manually delete users” option that you referenced, this setting is not available in all Azure Sync configurations, which is why you may not see it in your environment. Even when available, it is generally not recommended because any manual changes made in Adobe can be overwritten during the next synchronization cycle.

      For school environments or other managed deployments, the recommended and safest approach is to control the sync scope directly in Azure AD, ensuring that only the required groups are synchronized with the Adobe Admin Console.

      Please let us know if you need any further assistance. 

      Regards,
      ^AN

      1 reply

      A
      Community Manager
      Anshul_NautiyalCommunity ManagerCorrect answer
      Community Manager
      March 4, 2026

      Hi ​@pc_9692 

      Thank you for reaching out and for explaining your setup.

      Based on the information you shared, the behavior you are experiencing is expected when users and groups are synchronized from Microsoft Intune / Azure AD into the Adobe Admin Console. When an external Identity Provider (IdP) such as Azure AD is configured for directory synchronization, it becomes the source of truth for users and groups. 

      Even if directory synchronization is paused, Adobe continues to treat those objects as managed by the IdP, and manual changes in the Admin Console remain blocked to avoid inconsistencies between systems.

      To remove the unwanted groups, the changes must be made in the source directory (Azure AD / Intune) rather than directly in Adobe. You can review the directory connection in Admin Console → Settings → Identity → Directories and confirm which directory is linked to Azure AD. Then, in the Azure AD or Intune portal, navigate to Enterprise Applications, open the Adobe application used for provisioning, and go to Provisioning → Users and Groups. From there, remove the groups that should not be synchronized and keep only the groups that are required. Once the sync scope is updated, allow the next synchronization cycle to run. After the sync completes, the Admin Console will automatically update and reflect only the groups that remain in the sync scope.

      Check these docs: https://helpx.adobe.com/enterprise/using/add-azure-sync.html 

      https://learn.microsoft.com/en-us/entra/identity/saas-apps/adobe-identity-management-provisioning-saml-tutorial

      Regarding the “Enable editing” or “Manually delete users” option that you referenced, this setting is not available in all Azure Sync configurations, which is why you may not see it in your environment. Even when available, it is generally not recommended because any manual changes made in Adobe can be overwritten during the next synchronization cycle.

      For school environments or other managed deployments, the recommended and safest approach is to control the sync scope directly in Azure AD, ensuring that only the required groups are synchronized with the Adobe Admin Console.

      Please let us know if you need any further assistance. 

      Regards,
      ^AN

      pc_9692
      pc_9692Author
      Participant
      March 5, 2026

      Hi ​@Anshul_Nautiyal 

       

      Thank you for your prompt reply.

      The issue I was having was that I needed to restart the provisioning in Azure to properly send the sync through as it had been over 24h and nothing changed. It is all fixed now thank you!

       

      All the best,

      LS

      A
      Community Manager
      Anshul_NautiyalCommunity Manager
      Community Manager
      March 5, 2026

      @pc_9692 Glad it got fixed for you. Thanks for sharing the issue and root cause with us. Let us know if you need further assistance in the future. 

      Regards,
      ^AN

      Terms & ConditionsAccessibility statement
      Using the community Terms of use Privacy Cookie preferences Do not sell or share my personal information ad choicesAdChoices