Removing Hybrid Azure

Souren Dadaian 0 Reputation points
2023-11-01T13:30:45.9833333+00:00

I have, or had, Azure AD Connect for some time now. The AD is set up on an old Windows 2008 R2 server, and now that it's no longer supported it will no longer work.

Is there any way to change all the users to online users from on-premises?

I have read some articles but they all rely on the sync still working!

Thank you in advance.


2 answers

  1. Philippe Levesque 5,706 Reputation points MVP
    2023-11-01T14:14:36.03+00:00

    Hi, please explain more about your setup.

    You can; please see here for more detail: https://learn.microsoft.com/en-US/troubleshoot/azure/active-directory/cannot-manage-objects

    If you don't do the step, you will have objects that you can't edit on the cloud.

    I would ask: do you have on-prem resources still in use or not (like print shares, file resources, etc.)?

    It's most probably such resources that would be blocked if you remove Azure AD Connect.


  2. Akshay-MSFT 16,931 Reputation points Microsoft Employee
    2023-11-23T06:41:11.98+00:00

    @Souren Dadaian

    Thank you for posting your query on Microsoft Q&A. From the above description, I understand that you are looking to migrate your identity infra from Hybrid Identity (with on-prem) to Entra ID.

    Please do correct me if this is not the case by responding in the comments section.

    In order to move your environment to the cloud, kindly follow "Transition to the cloud".

    When you plan your migration to Entra ID, consider migrating the apps that use modern authentication protocols (such as SAML and OpenID Connect) first. You can reconfigure these apps to authenticate with Azure AD either via a built-in connector from the Azure App Gallery or via registration in Azure AD.

    After you move SaaS applications that were federated to Azure AD, there are a few steps to decommission the on-premises federation system:

    - Move application authentication to Azure Active Directory
    - Migrate from Azure AD Multi-Factor Authentication Server to Azure AD Multi-Factor Authentication
    - Migrate Users and Groups
    - Migrate from federation to cloud authentication
    - Move remote access to internal applications, if you're using Azure AD Application Proxy

    If you're using other features, verify that those services are relocated before you decommission Active Directory Federation Services.

    Once done, the only option is to disable DirSync for the entire tenant by using the same command as mentioned below.

    Set-MsolDirSyncEnabled -EnableDirsync $False
    

    If you go into Azure AD Connect and, under Domain and OU filtering, uncheck a group, this will delete the group from Azure AD as well. This approach will not suit your requirement.

    Please do let me know if you have any further queries.

    Thanks,

    Akshay Kaushik

    Please "Accept the answer" (Yes), and share your feedback if the suggestion answers your query. This will help us and others in the community as well.

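A pre-flight report wrapped around the `Set-MsolDirSyncEnabled` command from the second answer, as an added example that is not part of the original thread or Microsoft's own script: it records the tenant's sync state, snapshots the synced users, and shows which Global Administrators are still synced before anything is switched off. The `$ExportPath` parameter and the `-Disable` switch are assumptions of this example; the cmdlets come from the same MSOnline module the answer uses.

```powershell
# Added example (not from the thread). Uses the MSOnline module that provides
# the answer's Set-MsolDirSyncEnabled cmdlet. $ExportPath is a hypothetical path.
param(
    [string]$ExportPath = '.\synced-users-before-cutover.csv',
    [switch]$Disable   # without -Disable the script only reports
)

Import-Module MSOnline -ErrorAction Stop
Connect-MsolService    # interactive sign-in as a tenant administrator

# 1. Record the tenant-level sync state before anything changes.
$before = Get-MsolCompanyInformation
"DirSync enabled : $($before.DirectorySynchronizationEnabled)"
"Last sync time  : $($before.LastDirSyncTime)"

# 2. Snapshot every user still mastered on-premises, so a record of what
#    was synced (and each ImmutableId) survives the switch.
$synced = @(Get-MsolUser -All -Synchronized |
    Select-Object UserPrincipalName, DisplayName, ImmutableId, LastDirSyncTime)
$synced | Export-Csv -Path $ExportPath -NoTypeInformation
"Synced users    : $($synced.Count) (exported to $ExportPath)"

# 3. Show which Global Administrators are synced and which are cloud-only.
#    MSOnline names the Global Administrator role "Company Administrator".
$role = Get-MsolRole -RoleName 'Company Administrator'
Get-MsolRoleMember -RoleObjectId $role.ObjectId |
    Where-Object { $_.RoleMemberType -eq 'User' } |
    ForEach-Object {
        $u = Get-MsolUser -ObjectId $_.ObjectId
        [pscustomobject]@{
            Admin  = $u.UserPrincipalName
            Synced = [bool]$u.LastDirSyncTime
        }
    } | Format-Table -AutoSize

# 4. Disable sync only when asked to, then re-read the tenant state.
if ($Disable) {
    Set-MsolDirSyncEnabled -EnableDirSync $false -Force
    $after = Get-MsolCompanyInformation
    "DirSync enabled : $($after.DirectorySynchronizationEnabled)"
    # Conversion of objects to cloud-managed is not immediate; re-run the
    # report later to confirm the synced-user count has dropped.
    "Still synced    : $(@(Get-MsolUser -All -Synchronized).Count)"
}
```

Run it once without `-Disable` and review the CSV and the administrator table; add `-Disable` only after the migration steps listed in the answer are complete.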