Break link between user active directory account and Azure AD account

Question

We are migrating people off of Active Directory to just Azure Active Directory to retire our domain controllers. Currently they are synced with Active Directory Connect.

How do I break the sync between the two for individual users, since I will be phasing people over to Azure AD only in groups since we have a utility, we are phasing out that most everyone is using and requires the domain controller for authentication.

I know I can't delete the account in AD, or the Azure AD connect group policy will delete the Azure AD account also.

I saw mention in another article about doing the following, but it didn't really make sense on how to pick the individual user. I am thinking it is more of a disabled AD Connect completely command.

Connect-MsolService and sign-in using Global Administrator account.

Set-MsolDirSyncEnabled -EnableDirsync $False

If I go into Azure AD Connect, and under Domain and OU filtering, uncheck a group, will that kill the sync, without deleting the Azure AD account? Would be nice if I could do individual users, but this would mostly work.

Answer 1

@Jon Mercer

You cannot break the link between on-premises user accounts and Azure AD user accounts in groups. Only option is to disable dirsync for entire tenant by using the same command that you have mentioned as below.

Set-MsolDirSyncEnabled -EnableDirsync $False

If you go into Azure AD Connect, and under Domain and OU filtering, uncheck a group, this will delete the group from Azure AD as well. This approach will not suit for your requirement.

Let me know if you have any further questions.

Please "Accept the answer" if the information helped you. This will help us and others in the community as well.