This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(112.00000000000001, 9%, 20%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EGV%3C/text%3E%3C/svg%3E)
Hi, Is it possible to convert a synced user to a cloud only user when disabling the account in the on premise environment? in some cases the mailbox will be made available for a certain time as a shared mailbox, but we would like to remove unnecessary on-prem user accounts. But stopping the sync for a single user is (by my knowledge) not that straightforward. if it would be possible when a user is disabled to convert the synced online account to cloud only with logon disabled that would be ideal. Similar question:
https://learn.microsoft.com/en-us/answers/questions/839405/convert-synced-to-cloud?source=docs
@Glenn Vanderborght
I just wanted to check in and see if you had any other questions or if you were able to resolve this issue?
If you have any other questions, please let me know. Thank you for your time and patience throughout this issue.
If the information helped address your question, please Accept the answer. This will help us and also improve searchability for others in the community who might be researching similar information.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(281.6, 80%, 37%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ETB%3C/text%3E%3C/svg%3E)
Unfortunately, converting a synced user object to a cloud-only still not supported at this time. The only method to convert a synced object to cloud-only is to disable directory synchronisation, but this action will convert also all synced objects.
Please don't forget to accept helpful answer
Just checking if there is any other question or progress ?
Please don't forget to accept helpful answer
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(265.6, 78%, 35%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EMK%3C/text%3E%3C/svg%3E)
Does this method also require us to wait for 15-20 mins and then move the user from deleted container to user's container in Azure manually?
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(44.800000000000004, 78%, 14%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ESG%3C/text%3E%3C/svg%3E)
Thank you for posting this in Microsoft Q&A.
As Thameur mentioned above, changing the user status for particular user to cloud only is not available at this moment.
However, you can perform below steps which will help you in changing the user status for particular to In Cloud in Azure.
This method works but incurs a delay of 10-20 minutes per user while Azure processes the restoration.
Apart from this you can also use the option that Thameur has mentioned above in his answer.
Let me know if you have any further questions.
Please "Accept the answer" if the information helped you. This will help us and others in the community as well.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(160, 40%, 25%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ESW%3C/text%3E%3C/svg%3E)
This all good but there is one important item to also consider. You still need to clear the unmutable ID field, and after you are still left with 3 additional ones (onPremisesSamAccountName, onPremisesSecurityIdentifier, onPremisesDistinguishedName) they will prevent the correct cloud only SSPR because they are read only fields. These can only be done by Microsoft Support. So if you dont clear those the SSPR logs will show Status InternalError and the OnPremisesAgent will be showing as AADConnect.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(179.20000000000002, 69%, 27%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EMG%3C/text%3E%3C/svg%3E)
I would also not recommend this procedure since it creates problems with SSPR and, in some cases, hard to troubleshoot toast notifications related to Windows Hello.
What I'm in the process of doing is shut down the connector once our local AD is not needed anymore and communicate with Microsoft to remove On-Premises attributes from our users in Entra ID.