Directory Synchronization Disabled - Safe to Delete Microsoft Entra Connect Sync Services

JasonB 20 Reputation points
2025-04-06T22:01:36.4166667+00:00

Hello,

I do some consulting for a small local organization where the previous IT staff had installed, as it was called back then, Azure AD Connect. I have supported it for the last couple of years, but for the number of users they have, it seemed unnecessary. In recent years all the staff workstations have been replaced with new Windows 11 devices and connected to Entra AD instead of the local AD. The local AD is being phased out and there have never been any hybrid applications or anything similar. The only hybrid aspect of their M365 setup was the Entra AD sync with local AD.

Recently, I received an email informing me I needed to upgrade to the latest version of Microsoft Entra Connect Sync and since I wanted to disconnect it anyway, I went that route instead.

I disabled Entra Connect AD sync following the instructions from the Microsoft Learn article linked below:

https://learn.microsoft.com/en-us/microsoft-365/enterprise/turn-off-directory-synchronization?view=o365-worldwide

Everything went well. All commands completed successfully, and all users and groups are now showing as being "In cloud" within the admin portal.

The next morning, I woke up to find an alert saying, "Health service data is not up to date. – You have an important alert from Microsoft Entra ID." I wasn't too alarmed, but I investigated and found where this is within the Azure portal under Microsoft Entra Connect | Connect Sync > Microsoft Entra Connect Health > Sync services. I see there is a single sync service and within that service there is one server, which is the one I had Entra Connect Sync installed on. It, and all the other applications that were part of it, were uninstalled as directed by the linked article above. As Entra Connect Sync was the only thing that VM was doing, I plan on decommissioning it.

I went to delete the sync server and upon confirmation it describes all the things that will be or won't be removed. It shows a number of things, and I want to confirm this is safe to do. I would like to understand what will be deleted and be assured that doing this won't cause all the accounts to be deleted that were previously synced from the local AD to Entra AD. As a reminder, all accounts and groups are showing as "In cloud" in the admin portal. I've included a screenshot below of the sync services screen.

Screenshot_6-4-2025_153014_portal.azure.com

Microsoft Security Microsoft Entra Microsoft Entra ID

Accepted answer
  1. Marcin Policht 49,640 Reputation points MVP Volunteer Moderator
    2025-04-06T22:55:34.5133333+00:00

    From your description and the screenshot, it looks like you're seeing the "Unhealthy" status in the Microsoft Entra Connect Health pane because the sync server has been decommissioned, but its record still exists in the Entra portal. This is expected behavior after disabling sync and uninstalling Entra Connect Sync.

    • Last export to Microsoft Entra ID is showing a date of April 4, 2025 — that means no further sync activity is happening.
    • Sync Error: Latest data is not available — again, expected because the sync service is gone.
    • 1 Active alert is from the now-defunct AadSyncService.

    When you delete the sync server from Microsoft Entra Connect Health, you are only removing the monitoring reference to that server — you are NOT deleting any Entra ID objects (users/groups). Here's what this deletion does and doesn’t do:

    Deletion does:

    • Remove the Entra Connect Health record for the sync server.
    • Clean up stale monitoring and health data tied to the old sync server.
    • Eliminate "Unhealthy" or "stale data" alerts in the Connect Health UI.

    Deletion does NOT:

    • Affect your Microsoft Entra ID (formerly Azure AD) users or groups.
    • Re-enable synchronization or make any configuration changes.
    • Cause any kind of account deletion, since sync has already been turned off and users are marked as "In cloud".

    You are safe to delete it if:

    • All users and groups in your Microsoft Entra ID show as “In cloud” (which, as you stated, is the case)
    • Directory sync has been fully disabled (you confirmed this as well)
    • You’ve uninstalled Entra Connect Sync and no longer need that server

    The final steps would involve:

    1. Deleting the sync server from the Entra portal (it's just stale metadata at this point).
    2. Optionally, decommissioning the server that hosted Entra Connect Sync.
    3. Keeping an eye on the Entra admin portal for the next couple of days just to confirm no unexpected issues pop up — though none are expected.

    hth

    Marcin

    2 people found this answer helpful.
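
The "safe to delete if" conditions in the answer above can be checked from PowerShell instead of by eye in the portal. The following is an added example, not part of the original answer: it assumes the Microsoft Graph PowerShell SDK is installed and an account that can consent to the read-only scopes shown, and the function name `Test-DirSyncFullyDisabled` is hypothetical.

```powershell
# Added example: read-only check of the preconditions listed in the answer.
# Assumes the Microsoft.Graph PowerShell module is installed.
Connect-MgGraph -Scopes 'Organization.Read.All', 'User.Read.All', 'Group.Read.All'

function Test-DirSyncFullyDisabled {   # hypothetical helper name
    # Tenant-level flag: true only while directory synchronization is enabled.
    $org = Get-MgOrganization -Property Id, DisplayName, OnPremisesSyncEnabled, OnPremisesLastSyncDateTime |
        Select-Object -First 1

    # Objects still mastered on-premises keep onPremisesSyncEnabled = true;
    # objects shown as "In cloud" have it false or null.
    $syncedUsers = @(Get-MgUser -All -Filter 'onPremisesSyncEnabled eq true' `
        -Property Id, UserPrincipalName, OnPremisesSyncEnabled)
    $syncedGroups = @(Get-MgGroup -All -Filter 'onPremisesSyncEnabled eq true' `
        -Property Id, DisplayName, OnPremisesSyncEnabled)

    $tenantSync = [bool]$org.OnPremisesSyncEnabled

    [pscustomobject]@{
        Tenant            = $org.DisplayName
        TenantSyncEnabled = $tenantSync
        LastSyncDateTime  = $org.OnPremisesLastSyncDateTime
        SyncedUserCount   = $syncedUsers.Count
        SyncedGroupCount  = $syncedGroups.Count
        # True only when sync is off and nothing is still flagged as synced.
        PreconditionsMet  = (-not $tenantSync) -and
                            ($syncedUsers.Count -eq 0) -and
                            ($syncedGroups.Count -eq 0)
        LeftoverUsers     = $syncedUsers.UserPrincipalName
        LeftoverGroups    = $syncedGroups.DisplayName
    }
}

$result = Test-DirSyncFullyDisabled
$result | Format-List

if (-not $result.PreconditionsMet) {
    Write-Warning 'Directory sync is still enabled or some objects are still flagged as synced.'
}

Disconnect-MgGraph | Out-Null
```

Saving the output alongside the decommissioning record gives a dated confirmation that the tenant was cloud-only when the Connect Health entry and the VM were removed.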