This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(230.39999999999998, 16%, 32%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EMH%3C/text%3E%3C/svg%3E)
Hello all,
My organization is looking to move away from our hybrid Active Directory to Azure Active Directory, but I am not sure where to start.
Currently, our user creation workflow goes like this:
We are a public school, and we only subscribe to Microsoft 365 A1 for faculty. I am not concerned about moving our student accounts to the cloud, as they primarily use Chromebooks/Google logins for their classwork. We only have two significant computer labs, which I would likely set up as local "workstation" logins with Local Security Policies enabled. Our goal is to move away from all on-prem servers and into the cloud (except for DNS/DHCP).
As it stands, all of our users are hybrid synced. We want to move them entirely to the cloud and eventually be able to shut down our Active Directory servers. I worry that the process of doing so will not be easy. We have just moved all of our users to OneDrive/SharePoint as a replacement for a local file server. We also host our email in the cloud with Exchange 365.
I am wondering what steps need to be taken to move Active Directory to the cloud safely, without causing user information to be deleted or email to be broken. Because these are already hybrid on-prem/cloud accounts, I am hoping the task is simple.
Thank you.
I wanted to check in and see if you had any other questions or if you were able to resolve this issue?
If you have any other questions, please let me know. Thank you for your time and patience throughout this issue.
If the information helped address your question, please Accept the answer. This will help us and also improve searchability for others in the community who might be researching similar information.
You can use PowerShell to turn off directory synchronization and convert your synchronized users to cloud-only.
Start-ADSyncSyncCycle -PolicyType Delta
Note: To force the synchronization of the user, use the following PowerShell command to trigger an Azure AD Connect delta synchronization:
Start-ADSyncSyncCycle -PolicyType Delta
You must be logged in to the Azure AD Connect server to run this command.
Hope this helps!
Hi Carlos,
Thank you for the answer. To your knowledge, does converting these synchronized users to cloud-only affect their access to apps, OneDrive, and email? What about any email groups that synced? One of the things that I will need to make sure of is that all of our security enabled mail or distribution groups are fully converted to cloud only. Because of the sync, we can only make changes to those groups in the on-prem AD.
Additionally, are there any suggestions on the best method of performing these actions? Should all users be moved to logging in through workplace Microsoft accounts first, and away from the domain?
Thank you!
Marshall Hudon
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(121.6, 40%, 21%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ETY%3C/text%3E%3C/svg%3E)
Marshall,
How about creating another DC in azure and joining it to the on-prem DC? This way, you can shut the on prem DC down and still have one in azure running.
Hi Twumasi,
Our primary goal is to reduce our reliance on servers. We also are looking to do this for as little money as possible, since our budget is already pretty low. You're right that reconnecting everything in an Azure VM with the service installed could work, but then there's the cost of running an Azure virtual machine, plus the licensing costs of the server OS.
I'll keep it in mind as an option, but that's probably not the way we'll go.
Thanks for your suggestion!
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(121.6, 51%, 21%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EPM%3C/text%3E%3C/svg%3E)
So you tell me that using this one command is enough to convert accounts to cloud? I'm totally new in this so providing any informations will be very appreciated!
Set-MsolDirSyncEnabled -EnableDirSync $false
This answer has been deleted due to a violation of our Code of Conduct. The answer was manually reported or identified through automated detection before action was taken. Please refer to our Code of Conduct for more information.
Comments have been turned off. Learn more