Turning off Azure AD Connect

testuser7 276 Reputation points
2023-08-10T14:52:56.33+00:00

Hello,

We can turn off directory synchronization as shown at

https://learn.microsoft.com/en-us/microsoft-365/enterprise/turn-off-directory-synchronization?view=o365-worldwide

So now, once AAD Connect is cut off, all users are cloud-only and the source of authority will be CLOUD.
So my question is: what happens to all the onPremises***** attributes in the user profile?

For example, onPremisesDistinguishedName, onPremisesUserPrincipalName.

Would they all become NULL?

Thanks.

Microsoft Entra ID

1 answer

  1. Dillon Silzer 57,711 Reputation points
    2023-08-10T15:40:33.9466667+00:00

    They will be untouched after you turn off the directory synchronization. From what I can see the only ones that don't have data are:

    • On-premises last sync date time
    • On-premises provisioning errors
    • On-premises security identifier
    • On-premises user principal name

    Fields that have data in Azure AD/Entra (after Azure AD Connect has been turned off):

    • On-premises sync enabled (set to No)
    • On-premises distinguished name
    • On-premises immutable ID
    • On-premises SAM account name
    • On-premises domain name

    This is most likely a feature for the case where you turn Azure AD Connect back on. Additionally, I would recommend that you do not clear the immutableID unless needed. If you do this, you will not be able to restore Azure AD Connect with your users on-prem.

    I recently did this on a somewhat large tenant, and everything went well.


    If this is helpful please accept answer.
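
To check in your own tenant which onPremises* attributes are still populated after directory synchronization is turned off, the following added example (not part of the question or the answer above) tallies them per attribute with the Microsoft Graph PowerShell SDK and saves the immutable ID values before any clean-up. It assumes the Microsoft.Graph.Users module is installed and a sign-in with the User.Read.All scope; the CSV file name is a placeholder.

```powershell
# Added example: audit the onPremises* user attributes after sync is turned off.
# Assumption: Microsoft.Graph.Users is installed; the account may consent to User.Read.All.
Connect-MgGraph -Scopes 'User.Read.All'

# Attributes named in the thread, using their Microsoft Graph property names.
$onPremProps = @(
    'onPremisesSyncEnabled'
    'onPremisesDistinguishedName'
    'onPremisesImmutableId'
    'onPremisesSamAccountName'
    'onPremisesDomainName'
    'onPremisesLastSyncDateTime'
    'onPremisesSecurityIdentifier'
    'onPremisesUserPrincipalName'
    'onPremisesProvisioningErrors'
)

# These properties are not returned by default, so request them explicitly.
# @() keeps the result an array even when the tenant has a single user.
$users = @(Get-MgUser -All -Property (@('id', 'userPrincipalName') + $onPremProps))

# Count, per attribute, how many users still carry a value.
# $false (sync enabled = No) counts as populated; $null and empty collections do not.
$summary = foreach ($p in $onPremProps) {
    $populated = @($users | Where-Object {
        $null -ne $_.$p -and "$($_.$p)" -ne ''
    }).Count
    [pscustomobject]@{
        Attribute = $p
        Populated = $populated
        Empty     = $users.Count - $populated
    }
}
$summary | Format-Table -AutoSize

# Users that still look directory-synced (flag is True) deserve a second look.
$users | Where-Object { $_.onPremisesSyncEnabled -eq $true } |
    Select-Object Id, UserPrincipalName

# Keep a record of the immutable IDs so the on-premises match is not lost.
# The file name is a placeholder chosen for this example.
$users | Where-Object { $_.onPremisesImmutableId } |
    Select-Object Id, UserPrincipalName, OnPremisesImmutableId |
    Export-Csv -Path .\immutableid-backup.csv -NoTypeInformation

Disconnect-MgGraph | Out-Null
```

Running it once before and once after turning off synchronization gives a per-attribute comparison for your own tenant.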

