Removal of AD Connect Dramas - help!!

asked 2019-12-03T22:41:55.497+00:00
Rodney Lane 21 Reputation points


I am fairly new to Azure and have been trying to learn.

I have been attempting to learn how to use AD Connect to link a test AD domain VM running on local premises to an MSDN Azure AD Account.

Suffice to say I managed to royally mess it up.

I followed instructions on removing AD Connect from the domain controller and disabled Sync.

When I check the status of the sync in the PowerShell cmdlet, it says that it's disabled.

When I try to log into Azure using my Azure AD Account, it keeps trying to take me to the link which doesn't exist.

So I have lost access to Azure and Office 365 email :|

I tried re-installing AD Connect (as a lot of the documentation states I need AD Connect to do or change anything), but when I try to install it, it tells me that "directory synchronization is currently in a pending disable state for this directory. Please wait until directory synchronization has been fully disabled before trying again."

So according to the cmdlet, the sync is disabled, but according to the installer, it's pending disable.

It has been about 12 hours since the sync was disabled and AD Connect removed.

The AD Domain that was synchronized had 1 user account and 2 computer accounts, so it's not a large domain.

So at the moment I am stuck - can't log into Azure with no apparent way to fix it.

Can someone advise how I might go about cleaning up this mess?

Thanks in Advance


Azure Active Directory

Accepted answer
  1. answered 2019-12-04T06:29:00.28+00:00
    Vasil Michev 61,506 Reputation points Microsoft MVP

    Seems you had federation enabled? If that's the case, you need to convert the domain and all users to cloud-only auth. One way to toggle is indeed via the AAD Connect client, but you can also do so via PowerShell:

    Set-MsolDomainAuthentication -DomainName <domain name> -Authentication Managed

    In case you didn't have password hash sync enabled, the cloud users will have to be "converted" as well:

    Convert-MsolFederatedUser -UserPrincipalName <user principal name>
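
The two steps from the accepted answer combined into one script, with state checks before and after each change. This is an added example, not part of the original answer. It assumes the MSOnline module is installed and that a cloud-only administrator account (one that is not in the federated domain) can still sign in; `$DomainName` and `-ConvertUsers` are names chosen for this example.

```powershell
#Requires -Modules MSOnline
[CmdletBinding(SupportsShouldProcess)]
param(
    # Placeholder: the custom domain whose sign-in still redirects to the old endpoint
    [Parameter(Mandatory)][string]$DomainName,
    # Only needed when password hash sync was not enabled (per the answer above)
    [switch]$ConvertUsers
)

# Assumption: a cloud-only admin account exists and is used for this sign-in
Connect-MsolService

# 1. Tenant-level sync state as the service reports it
Get-MsolCompanyInformation |
    Select-Object DirectorySynchronizationEnabled, DirectorySynchronizationStatus, LastDirSyncTime

# 2. Authentication type of the affected domain before any change
$domain = Get-MsolDomain -DomainName $DomainName
"Before: $($domain.Name) is $($domain.Authentication)"

# 3. Switch the domain to managed (cloud) authentication if it is still federated
if ($domain.Authentication -eq 'Federated') {
    if ($PSCmdlet.ShouldProcess($DomainName, 'Set authentication to Managed')) {
        Set-MsolDomainAuthentication -DomainName $DomainName -Authentication Managed
    }
}

# 4. Optionally convert each user in the domain to cloud-only authentication
if ($ConvertUsers) {
    foreach ($user in Get-MsolUser -DomainName $DomainName -All) {
        $upn = $user.UserPrincipalName
        if ($PSCmdlet.ShouldProcess($upn, 'Convert federated user')) {
            try {
                Convert-MsolFederatedUser -UserPrincipalName $upn -ErrorAction Stop
            }
            catch {
                # Keep going so one failed account does not block the rest
                Write-Warning "Could not convert ${upn}: $($_.Exception.Message)"
            }
        }
    }
}

# 5. Confirm the result: no domain should still show Federated unexpectedly
Get-MsolDomain | Select-Object Name, Authentication, Status
```

Run it with `-WhatIf` first to see which domain and accounts would be changed without modifying anything.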
