I'm decommissioning AD sync, now I am getting synchronisation issues

Stephen Warhurst 20 Reputation points
2023-12-21T09:56:28.8266667+00:00

I am migrating our local AD to Entra. Our Exchange went to the cloud years ago and we only used the remaining on-premises server for user identity management. We have now completed getting every device to Intune, so we are ready to fully commit to cloud only and remove reliance on an unused building (everyone is now remote working).

Using the PowerShell command:

PS C:> Set-MsolDirSyncEnabled -EnableDirsync $False

I started the process off; within 20 minutes I get $False when checking completion using:

(Get-MSOLCompanyInformation).DirectorySynchronizationEnabled

I then get email alerts about data that can't sync to cloud. When I follow the link to
https://portal.azure.com/#view/Microsoft_Azure_ADHybridHealth/AadHealthMenuBlade/~/SyncServicesList

I see 7 alerts all telling me that they are active:

  1. Export to Microsoft Entra ID failed.
  2. Connection to Microsoft Entra ID failed due to authentication failure.
  3. Import from Microsoft Entra ID failed.
  4. Password Hash Synchronization heartbeat was skipped in last 120 minutes.
  5. Export to Active Directory failed.
  6. Import from Active Directory failed.
  7. Synchronization has stopped for at least 24 hours.

The last one is most obviously wrong as it has been approx. 18hrs since I ran the first PowerShell.

I have used PowerShell to connect to MSOL and left the shell open and logged in, and am still getting email alerts.

The questions I have for the community are:

  1. Are these alerts safe to ignore - is it just because everything has fully synced and now stopped?
  2. If yes to 1. Can I now remove the AD role from my local DC and will this stop the alerts?
  3. If no to 1. Are there any remediation links that are more useful than the ones MS has provided, which are very generic and do not seem to answer my specific scenario?

Many thanks in advance

Steve


Accepted answer
  1. Thameur-BOURBITA 36,256 Reputation points Moderator
    2023-12-21T10:32:07.9966667+00:00

    Hi @Stephen Warhurst

    It's normal to get these sync errors because you still have the Entra Connect server installed.

    You can ignore all these synchronisation errors after running the command below, because the synchronisation is now disabled and all synced accounts are now cloud-only, as mentioned in this article, Turn off directory synchronization for Microsoft 365:

    Set-MsolDirSyncEnabled -EnableDirsync $False
    

    Now you can continue decommissioning your Entra Connect servers and the domain controllers that are not in use.


    Please don't forget to accept helpful answer and close this thread

    1 person found this answer helpful.

1 additional answer

  1. Stephen Warhurst 20 Reputation points
    2023-12-28T12:37:15.4766667+00:00

    Hi Thameur-BOURBITA,

    Many thanks for answering my question, I am feeling reassured that stopping the sync is what has caused sync errors.

    I shall continue the decommissioning in earnest thanks to your thoughtful response.

