Share via

Move from Azure AD Connect to just Azure cloud AD

Wayne Smith 20 Reputation points
2025-04-16T20:13:46.6966667+00:00

Our organization has an on-premise domain controller that sends new users to Azure AD periodically that in turn creates users in our Office 365 arena. I'd like to do away with the on-premise active directory and create users directly into Azure AD.

When I look this up, I see information about removing the computers from the local domain and adding them back to the cloud domain. I don't really care about the computers; I just want to manage my users. Is there a way to do this without touching every computer?

Microsoft Security | Microsoft Entra | Microsoft Entra ID
0 comments

Answer accepted by question author

  1. Akhilesh Vallamkonda 15,355 Reputation points Moderator
    2025-04-17T16:09:44.6566667+00:00

    @Wayne Smith

    I understand that you would like to stop synchronizing and creating the users from on-premises AD to Microsoft Entra ID and manage all the users from Entra ID.

    On premises users are synced to Entra ID by using the Entra connect Sync or Entra cloud sync tool and the users are get created by admin or any HR application provisioning.
    If you have HR application provisioning to create the users, you need to configure the HR application to provision in Entra ID.

    If you want to remove the users from Active directory and mange under Microsoft Entra ID only you need to convert the user from on-prem users to cloud only users, as of now there is no option available directly to convert the on-premises user to cloud only users.

    however, you can achieve this by create an OU in on-premises Active directory and make this OU is out of sync scop in your Entra connect tool, once you create the OU move the targeted users from sync OU to non- sync OU, on the next sync cycle the user will be deleted in Microsoft Entra ID.
    The deleted users are in soft delete state in Entra, so that you can restore it from deleted users, once you restored the users became cloud only users.

    If you have bulk users and your organization wants to move entirely to the cloud, you need to disable the synchronization in both on-promises and Entra ID. before doing this stop creating the new users and groups and cleanup the unassay groups and users and admin accounts from AD.
    Please follow How Disable On-Premises Directory Sync to Microsoft Entra ID

    Hope this helps. if my suggestion is not helpful, please let me know by responding in the comments section.

    If this answers your query, do click Accept Answer and Yes for was this answer helpful. And, if you have any further query do let us know.

1 additional answer

Sort by: Most helpful
Most helpful Newest Oldest
  1. Abiola Akinbade 30,490 Reputation points Volunteer Moderator
    2025-04-17T06:22:12.45+00:00

    Hello Wayne Smith

    Thanks for your question

    You will need to disable directory sync: https://learn.microsoft.com/en-us/microsoft-365/enterprise/turn-off-directory-synchronization?view=o365-worldwide

    If you do this all sync will be disabled. It is a dangerous command that will disable all sync including computers and everything will be converted to cloud. Takes about 72 hours

    So I recommend reading and planning appropriately

    See:

    https://learn.microsoft.com/en-us/answers/questions/1289651/how-to-migrate-from-hybrid-identity-to-cloud-only

    https://learn.microsoft.com/en-us/entra/architecture/road-to-the-cloud-implement

    You can mark it 'Accept Answer' and 'Upvote' if this helped you

    Regards,

    Abiola

    1 person found this answer helpful.
    0 comments

Your answer

Answers can be marked as 'Accepted' by the question author and 'Recommended' by moderators, which helps users know the answer solved the author's problem.