Hello,
Thank you for your question about permanently turning off directory synchronization for Microsoft 365 and your concern about removing the Azure AD Connect tool first. I’ll guide you through the process following Microsoft’s documentation and address your concern about users and groups.
Instructions to Turn Off Directory Synchronization:
1. Uninstall Azure AD Connect (Recommended First Step):
- On the server where Azure AD Connect is installed, go to Control Panel > Programs and Features.
- Find Microsoft Azure AD Connect, select it, and click Uninstall.
- Action: Follow the prompts to remove the tool completely.
2. Install Microsoft Graph PowerShell Modules:
Open PowerShell as an administrator and run:
```powershell
Install-Module Microsoft.Graph -Force
Install-Module Microsoft.Graph.Beta -AllowClobber -Force
```
3. Connect to Microsoft Graph:
Use a Hybrid Identity Administrator account:
```powershell
# -Scopes takes a string array, so each scope is passed as its own element
Connect-MgGraph -Scopes "Organization.ReadWrite.All","Directory.ReadWrite.All"
```
4. Verify Current Sync Status:
- Run:
```powershell
Get-MgOrganization | Select-Object OnPremisesSyncEnabled
```
- Confirm it shows True.
5. Disable Directory Synchronization:
- Store the tenant ID and disable sync:
```powershell
$organizationId = (Get-MgOrganization).Id
$params = @{ onPremisesSyncEnabled = $false }
Update-MgOrganization -OrganizationId $organizationId -BodyParameter $params
```
- Verify the change:
```powershell
Get-MgOrganization | Select-Object OnPremisesSyncEnabled
```
It should now show False.
Will Users and Groups Disappear After Removing Azure AD Connect?
No, removing Azure AD Connect first does not delete users, groups, or contacts in Microsoft 365. These objects remain in the cloud, but their source of authority stays tied to the on-premises AD until synchronization is disabled. Once you run the Update-MgOrganization command, all synchronized objects (users, groups, contacts) are converted to cloud-only, meaning their source of authority shifts to Microsoft Entra ID. This process preserves all objects, and they will not be deleted. Passwords remain the last synchronized value, and the ImmutableID is retained for potential future re-sync (after a 72-hour wait period).
Additional Notes:
- Microsoft recommends uninstalling Azure AD Connect before disabling sync to avoid portal inconsistencies (e.g., Password Hash Sync showing as enabled). However, even if you disable sync first, objects are not deleted—they just stop syncing.
- Wait up to 72 hours for the Microsoft 365 admin center to reflect the change (users will show as "In-cloud").
- If you need to re-enable sync later, you must wait 72 hours after disabling.
If you encounter issues, open a ticket via Microsoft 365 admin center > Help & support.
Best,
If I have answered your question, please accept this as the answer as a token of appreciation, and don't forget to give a thumbs up for "Was it helpful"!
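
To check for yourself that synchronized users and groups are preserved and converted as the answer above describes, the following script records them before step 5 and compares afterwards. It is an added example, not part of the original answer or Microsoft's documentation; the `-Mode` switch, the `$SnapshotDir` folder, the CSV file names and the `Compare-Snapshot` helper are assumptions made for illustration.

```powershell
# Added example (not from the original answer). Run with -Mode Snapshot before
# step 5 and -Mode Verify afterwards. $SnapshotDir and file names are assumptions.
param(
    [ValidateSet('Snapshot', 'Verify')] [string]$Mode = 'Snapshot',
    [string]$SnapshotDir = '.\dirsync-snapshot'
)

# Read-only scopes are enough for the inventory.
Connect-MgGraph -Scopes 'User.Read.All', 'Group.Read.All', 'Organization.Read.All'

# OnPremisesImmutableId is kept in the CSV as a record of the pre-change value.
$userProps  = 'Id', 'UserPrincipalName', 'OnPremisesSyncEnabled', 'OnPremisesImmutableId'
$groupProps = 'Id', 'DisplayName', 'OnPremisesSyncEnabled'
$usersCsv   = Join-Path $SnapshotDir 'synced-users.csv'
$groupsCsv  = Join-Path $SnapshotDir 'synced-groups.csv'

# Hypothetical helper: compare snapshot rows with the live directory by object Id.
function Compare-Snapshot($Before, $Now, [string]$NameProp) {
    $byId = @{}
    foreach ($o in $Now) { $byId[$o.Id] = $o }
    foreach ($b in $Before) {
        $n = $byId[$b.Id]
        $status = if (-not $n) { 'Missing' }
                  elseif ($n.OnPremisesSyncEnabled) { 'StillSynced' }
                  else { 'CloudOnly' }
        [pscustomobject]@{ Name = $b.$NameProp; Id = $b.Id; Status = $status }
    }
}

$users  = @(Get-MgUser  -All -Property $userProps  | Select-Object $userProps)
$groups = @(Get-MgGroup -All -Property $groupProps | Select-Object $groupProps)
"Tenant OnPremisesSyncEnabled: $((Get-MgOrganization).OnPremisesSyncEnabled)"

if ($Mode -eq 'Snapshot') {
    # Record only objects whose source of authority is currently on-premises AD.
    New-Item -ItemType Directory -Path $SnapshotDir -Force | Out-Null
    $users  | Where-Object OnPremisesSyncEnabled | Export-Csv $usersCsv  -NoTypeInformation
    $groups | Where-Object OnPremisesSyncEnabled | Export-Csv $groupsCsv -NoTypeInformation
}
else {
    $report = @(Compare-Snapshot (Import-Csv $usersCsv)  $users  'UserPrincipalName') +
              @(Compare-Snapshot (Import-Csv $groupsCsv) $groups 'DisplayName')
    $report | Group-Object Status | Select-Object Name, Count
    # Anything other than CloudOnly deserves a closer look.
    $report | Where-Object Status -ne 'CloudOnly' | Format-Table Name, Id, Status
}
```

Objects reported as `StillSynced` shortly after the change may simply not have been converted yet; rerun the verify pass later before investigating.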