Changing/deleting users, disconnecting from some unknown local AD

Anthon 0 Reputation points
2023-05-12T12:16:34.3633333+00:00

I inherited an Azure account from a previous administrator for the organisation I work for. I am the sole owner of the domain, and the previous administrator is no longer available.

When I try to change user information I sometimes get feedback:

This user is synchronized with your local Active Directory. Some details can be edited only through your local Active Directory.

There is, however, no local Active Directory. The two servers the organisation uses are both running Linux, and although there is an LDAP service, the previous admin never had the information to get information out of that.

I also see "On Premises Sync" set to yes, for some, but not all users in Azure.

How do I get this changed to No for everyone? There probably used to be an AD server somewhere, but I have no access to it, nor can I get the previous administrator to access it. The only entries on the internet I found to disconnect from a local AD service were by starting PowerShell on the local server.

How do I disconnect from the Azure side?

If necessary I can prove I have full ownership over the domain of the organisation (e.g. by providing DNS entries).

Microsoft Entra ID
A Microsoft Entra identity service that provides identity management and access control capabilities. Replaces Azure Active Directory.

2 answers

  1. Sandeep G-MSFT 15,326 Reputation points Microsoft Employee
    2023-05-16T11:28:01.9733333+00:00

    @Anthon

    Thank you for posting this question in Microsoft Q&A.

    As I understand, you are trying to change some properties of user accounts in Azure AD and you are getting an error because these accounts were initially synced from on-premises Active Directory. Currently you do not have any on-premises AD.

    To disconnect the sync from the Azure side, you can follow the instructions below.

    • Open Windows PowerShell as administrator from any Windows device.
    • Run the Install-Module MSOnline command.
    • If you're prompted to install the NuGet provider, type Y and press Enter.
    • If you're prompted to install the module from PSGallery, type Y and press Enter.
    • Once the module is installed, you can run the commands below:
    • Connect-MsolService (enter the global administrator credentials of your Azure AD)
    • Enter the command "Set-MsolDirSyncEnabled -EnableDirSync $false".
    • This will change the status of all user accounts to Azure Active Directory.

    Post this you will be able to change user properties.

    Let me know if you have any further questions on this.

    Please "Accept the answer" if the information helped you. This will help us and others in the community as well.


  2. Harpreet Singh Matharoo 7,591 Reputation points Microsoft Employee
    2023-05-16T11:28:59.3466667+00:00

    Hello @Anthon

    Thank you for reaching out. If you no longer have access to the local AD server and want to convert all users to cloud-only, i.e. change "On Premises Sync" from yes to no so that you can manage all users and their attributes on cloud/Azure AD, then you can do this by changing the DirSync status of the Azure AD tenant to disabled.

    To achieve this, you would need to follow the steps below:

    • Install Legacy Azure AD PowerShell Module:
    Install-Module MSOnline
    
    • Connect Legacy Azure AD PowerShell Module with Global Admin account:
    Connect-Msolservice
    
    • Execute following command to disable Directory Synchronization from On-Prem AD to Azure AD:
    Set-MsolDirSyncEnabled -EnableDirSync $false
    

    Note: This is not recommended as a troubleshooting step and should only be executed if you no longer want to sync users from local AD and want to change all accounts to cloud-only. Also, please note that if synchronized users have a federated domain, then you might need to change the domain to a domain available and managed on Azure AD.

    For more details about the commands mentioned above, please refer to the following documentation: Turn off directory synchronization for Microsoft 365

    I hope this answer helps to resolve your issue. Please "Accept the answer" if the information helped you. This will help us and others in the community as well.

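
The steps from both answers as one script, with a pre-change inventory of synced accounts and a check for the federated-domain case mentioned in the second answer. This is an added example, not code from either answer; the report file name is an assumption.

```powershell
# Added example (not from the answers). Uses the same legacy MSOnline module;
# sign in with a Global Administrator account when prompted.
Install-Module MSOnline -Scope CurrentUser
Import-Module MSOnline
Connect-MsolService

# 1. Record the tenant-level sync state before changing anything.
$before = Get-MsolCompanyInformation
"DirSync enabled: {0}   Last sync: {1}" -f `
    $before.DirectorySynchronizationEnabled, $before.LastDirSyncTime

# 2. Inventory the accounts still marked as synced and keep a copy of their
#    anchors (ImmutableId), so there is a record of what the change affected.
$reportPath = '.\synced-users-before.csv'   # assumption: any writable path
$synced = @(Get-MsolUser -All | Where-Object { $_.LastDirSyncTime })
$synced | Select-Object UserPrincipalName, ImmutableId, LastDirSyncTime |
    Export-Csv -Path $reportPath -NoTypeInformation
"{0} synced account(s) written to {1}" -f $synced.Count, $reportPath

# 3. Federated domains authenticate against an on-premises identity provider.
#    If that provider is gone, those users cannot sign in until the domain is
#    managed in Azure AD, so stop and deal with that first.
$federated = @(Get-MsolDomain | Where-Object { $_.Authentication -eq 'Federated' })

if ($federated.Count -gt 0) {
    Write-Warning ("Federated domain(s) found: {0}. Convert them to managed before disabling sync." -f `
        ($federated.Name -join ', '))
}
else {
    # 4. The change itself, exactly as given in the answers.
    #    The cmdlet asks for confirmation; this is tenant-wide.
    Set-MsolDirSyncEnabled -EnableDirSync $false

    # 5. Verify. The flag may not flip immediately; re-run this line later
    #    if it still shows True.
    "DirSync enabled after change: {0}" -f `
        (Get-MsolCompanyInformation).DirectorySynchronizationEnabled
}
```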