![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(278.4, 20%, 36%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ENB%3C/text%3E%3C/svg%3E)
Microsoft Entra ID
A Microsoft Entra identity service that provides identity management and access control capabilities. Replaces Azure Active Directory.
24,284 questions
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(192, 22%, 28%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ESD%3C/text%3E%3C/svg%3E)
Hello Norbert Bonnici
Issue: I want to migrate users from hybrid to cloud
Resolution:
You can use PowerShell to turn off directory synchronization and convert your synchronized users to cloud-only.
You can use the Set-MsolDirSyncEnabled PowerShell cmdlet as mentioned below, which will convert your synched users to cloud-only, retain the current passwords and stop the synchronization as well.
Set-MsolDirSyncEnabled -EnableDirsync $false
Note: It may take up to 72 hours to complete deactivation once you have disabled DirSync through this cmdlet. The time depends on the number of objects that are in your cloud service subscription account. If the number of objects is less, it may complete within minutes as well. You cannot cancel the disabled action. It will need to complete before you can take any other action, including re-enabling of DirSync. If you choose to re-enable DirSync, full synchronization of your synced objects will happen. This may take a considerable time depending on the number of objects in your Active Directory.
To force the synchronization of the user, use the following PowerShell command to trigger an Azure AD Connect delta synchronization: Start-ADSyncSyncCycle -PolicyType Delta
or If you need to do this for some accounts only, then follow https://techcommunity.microsoft.com/t5/security-compliance-and-identity/convert-on-prem-ad-users-from-office-365-azure-ad-to-in-cloud/m-p/42908
"You could terminate the account in Active Directory (which would terminate the account in AAD/O365) after forcing a delta sync, then "reactivate" / "undelete" the account and assign it a license"
Similar Q&A posts:
Q&A Article-1
https://techpress.net/convert-entra-synced-user-to-cloud-only-user/
I hope this clarifies things.
Please remember to "Accept Answer", so that others in the community facing similar issues can easily find the answers.