Request to Disable Directory Synchronization (Azure AD Connect) for Tenant

Ejilson Nelson 20 Reputation points
2025-06-16T14:09:50.9833333+00:00

Dear Microsoft Support,

I would like to request the complete disabling of Directory Synchronization (Azure AD Connect) for our Azure Active Directory (Entra ID) tenant.

Reason for Request:

We are no longer using Azure AD Connect or any on-premises synchronization tools and would like to fully switch to cloud-only identity management. We are unable to disable Directory Synchronization ourselves because:

  • The MSOnline PowerShell module is deprecated and blocked in our tenant (legacy authentication restriction).
  • The Microsoft Graph PowerShell SDK does not yet support this functionality.
  • The Azure Portal does not provide the option to disable synchronization.

Therefore, kindly assist in fully disabling Directory Synchronization and setting the Directory Sync status (OnPremisesSyncEnabled) to False for this tenant.

Please let us know if you require any additional information to proceed with this request.

Thank you for your assistance.

Best regards,

Ejilson N

Exchange Online

Accepted answer
  1. Hin-V 740 Reputation points Microsoft External Staff Moderator
    2025-06-16T15:17:04.76+00:00

    Dear @Ejilson Nelson

    Thank you for posting your question in Microsoft Q&A.  

    Based on your inquiry, we understand that you are considering disabling Directory Synchronization (Azure AD Connect) for your tenant. We will be glad to assist you with this.

    I have found a relevant article that can help you do it:

    Turn off directory synchronization for Microsoft 365 - Microsoft 365 Enterprise | Microsoft Learn 

    You can use the Microsoft Graph PowerShell SDK. This is the modern, unified PowerShell module built on the Microsoft Graph API.

    # Install v1.0 and beta Microsoft Graph PowerShell modules
    Install-Module Microsoft.Graph -Force
    Install-Module Microsoft.Graph.Beta -AllowClobber -Force
    # Connect with a Hybrid Identity Administrator account (scopes passed as separate strings)
    Connect-MgGraph -Scopes "Organization.ReadWrite.All", "Directory.ReadWrite.All"
    # Verify the current status of the DirSync type
    Get-MgOrganization | Select-Object OnPremisesSyncEnabled
    # Store the tenant ID in a variable named organizationId
    $organizationId = (Get-MgOrganization).Id
    # Store the False value for the DirSyncEnabled attribute
    $params = @{ onPremisesSyncEnabled = $false }
    # Perform the update
    Update-MgOrganization -OrganizationId $organizationId -BodyParameter $params
    # Check that the command worked
    Get-MgOrganization | Select-Object OnPremisesSyncEnabled
    

    If you need further assistance, please let us know.  


    If the answer is helpful, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".   

    Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.   


1 additional answer

  1. Raja Pothuraju 23,465 Reputation points Microsoft External Staff Moderator
    2025-06-16T14:40:07.38+00:00

    Hello Ejilson Nelson,

    Based on your description, I understand that you want to completely disable synchronization and convert synced users into cloud-only users without any on-premises attributes. Additionally, you mentioned that you no longer have access to Azure AD Connect or any on-premises synchronization tools on your server.

    To proceed with converting synced users into cloud-only users, please follow the steps below using Microsoft Graph Explorer to disable directory synchronization:

    • Open Microsoft Graph Explorer.
    • Sign in using a Global Administrator account.
    • Use the following PATCH request (replace {organization-id} with your actual Tenant ID):
    PATCH https://graph.microsoft.com/beta/organization/{organization-id} (Replace org id with Tenant ID)
    
    • Navigate to the Modify Permissions tab and grant Organization.ReadWrite.All permission (consent on behalf of the organization).
    • In the Request Body, enter the following JSON:
    {
      "onPremisesSyncEnabled": false
    }
    
    • Click Run Query.

    Note: It may take 4–5 minutes for the changes to reflect in the Azure portal. The maximum time to disable directory sync is 72 hours, but it may vary based on the object size.


    Once completed, the previously synced users will be converted to cloud-only users.

    Alternatively, you can also use PowerShell to disable directory synchronization. Please refer to the official Microsoft documentation below for detailed steps:

    Turn off directory synchronization for Microsoft 365

    Let me know if you need assistance with any of the steps.

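Both answers note that the change is not instant (minutes for the tenant flag, up to 72 hours for object conversion). The following is an added example, not part of either answer or of Microsoft's documentation, that summarises how far the conversion has progressed from objects shaped like `Get-MgOrganization` and `Get-MgUser` output. The function name `Get-DirSyncConversionReport` and the sample accounts are assumptions constructed for illustration.

```powershell
# Added example (hypothetical helper): report directory-sync state for the tenant
# and list users that Entra ID still marks as synced from on-premises.
function Get-DirSyncConversionReport {
    param(
        [Parameter(Mandatory)] $Organization,      # one object, as from Get-MgOrganization
        [Parameter(Mandatory)] [object[]] $Users   # as from Get-MgUser -All -Property ...
    )
    # Cloud-only users carry $null (not $false) here, so compare against $true explicitly.
    $stillSynced = @($Users | Where-Object { $_.OnPremisesSyncEnabled -eq $true })
    $tenantFlag  = [bool]$Organization.OnPremisesSyncEnabled

    [pscustomobject]@{
        TenantSyncEnabled = $tenantFlag
        LastSync          = $Organization.OnPremisesLastSyncDateTime
        TotalUsers        = $Users.Count
        StillSynced       = $stillSynced.Count
        CloudOnly         = $Users.Count - $stillSynced.Count
        # Done only when the tenant flag is off AND no user is still marked as synced.
        ConversionDone    = (-not $tenantFlag) -and ($stillSynced.Count -eq 0)
        PendingUsers      = @($stillSynced | ForEach-Object { $_.UserPrincipalName })
    }
}

# Constructed sample: tenant flag already False, one user not yet converted.
$sampleOrg = [pscustomobject]@{
    OnPremisesSyncEnabled      = $false
    OnPremisesLastSyncDateTime = [datetime]'2025-06-01T08:00:00Z'
}
$sampleUsers = @(
    [pscustomobject]@{ UserPrincipalName = 'alice@contoso.example'; OnPremisesSyncEnabled = $true }
    [pscustomobject]@{ UserPrincipalName = 'bob@contoso.example';   OnPremisesSyncEnabled = $null }
    [pscustomobject]@{ UserPrincipalName = 'admin@contoso.example'; OnPremisesSyncEnabled = $null }
)
Get-DirSyncConversionReport -Organization $sampleOrg -Users $sampleUsers | Format-List

# Against a live tenant, read-only scopes are enough for this check:
#   Connect-MgGraph -Scopes "Organization.Read.All", "User.Read.All"
#   $org   = Get-MgOrganization
#   $users = Get-MgUser -All -Property Id,UserPrincipalName,OnPremisesSyncEnabled
#   Get-DirSyncConversionReport -Organization $org -Users $users
```

Running the same report before the change and keeping its output gives a record of which accounts were synced at the time synchronization was turned off.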
