Microsoft released Azure AD Connect version 220.127.116.11 as a download-only version on 12/16/2021. This update includes several bug fixes and introduces support for syncing AD objects from a single forest to multiple tenants.
However, this version contains a new potentially devastating bug that removes disabled user accounts in AD from Azure AD.
Because shared mailboxes use disabled user accounts this means those mail users are also deleted from Exchange Online. Cloud users will no longer see on-prem shared mailboxes in the GAL or be able to access them. Inbound mail flow will also be affected for these mailboxes since they no longer exist from an Exchange Online Protection perspective.
Luckily, version 18.104.22.168 is not being pushed as an auto upgrade version, so only customers who download and install it are affected.
AAD Connect version 22.214.171.124 has been released. If you are affected by this bug, you should update to the latest version. See my other updates below.
The workaround is to remove AAD Connect 126.96.36.199 and reinstall the previous AAD Connect version 188.8.131.52. Since Microsoft removes all but the most current version, I've made AAD Connect 184.108.40.206 available on my blog here. I recommend exporting your current AAD Connect configuration first, then importing it when installing version 220.127.116.11. Be sure to uncheck the "Enable staging mode" when completing the installation.
During the first sync you will see that the disabled accounts in AD are being synced again to Azure AD.
Update #1 - Dec 22, 2021
The Azure AD Connect Version History website was updated yesterday after my blog post to say that version 18.104.22.168 has been released which addresses this issue. However, at this time only 22.214.171.124 is still available from the AAD Connect download website.
Update #2 - Dec 22, 2021
AAD Connect version 126.96.36.199 is now available for download. Strangely, this new version is no longer listed in the version history. :-/
I have confirmed that the bug has been squashed.