Removal of AD Connect Sync be

Liam Fermoyle 41 Reputation points
2021-01-21T16:17:10.67+00:00

We currently have our estate on AzureAD (users / laptops). Users log in using "Work or School" accounts. We have set up an on-prem AD, changed the laptops to point to the domain, and created users and synced them using ADConnect (after creating "replicated" users). All the users in AzureAD have changed to "source: Windows Server AD".

However, we have decided to stick with AzureAD to manage the devices/users/groups etc., keeping just our physical servers on-prem connected to the on-prem AD, possibly without syncing.

How can I remove the users in the on-prem AD, while setting the source for the users in AzureAD from "Windows server AD" to "Azure Active Directory" like they were originally?

Once the users are removed from the on-prem AD and any devices, I may want to allow AzureAD users to connect to the on-prem AD, if at all possible. Can this be done?

The link below is linked to this, but I need more explanation and details on how to do this.

https://learn.microsoft.com/en-us/answers/questions/29314/change-azure-ad-source-of-authority-1.html

Thank you

Microsoft Entra ID

Accepted answer
  1. mirba-msft 651 Reputation points Microsoft Employee
    2021-01-22T09:23:19.043+00:00

    Hello @Liam Fermoyle

    Thank you for reaching out to us.

    In regard to making the synced accounts cloud-only, no longer managed by local AD, and changing their source of authority to Azure AD, you need to run the following PowerShell command below.

    Connect-MsolService and sign in using a Global Administrator account.

    Set-MsolDirSyncEnabled -EnableDirsync $False

    After running this cmdlet, you should be able to manage/modify/delete synced accounts via Azure AD. And if you are no longer using Azure AD Connect, then you can disable it or uninstall it.

    When you run the above command, it takes from 24 to 72 hours to take effect.

    Coming to your second question, once you make the users cloud-only, it's not possible for them to be connected to local AD.

    In case you have any questions on the same, you can surely let us know and we will be happy to help you further. If this post provides you the answer you were looking for, do accept it as an answer in the interest of community members with similar queries. If this does not answer, please ask further in the comments and we will be happy to address your concerns.

    Thank you.

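The procedure in the accepted answer, wrapped with a before/after check, as an added PowerShell example that is not part of the original post or Microsoft's own script. It assumes the MSOnline module is installed; the CSV file name is a placeholder chosen for illustration.

```powershell
# Added example: record which accounts are synced, disable directory sync
# for the tenant, then re-check the tenant state.
Import-Module MSOnline

# Sign in with a Global Administrator account, as the answer states.
Connect-MsolService

# 1. Record the tenant's sync state before changing anything.
$before = Get-MsolCompanyInformation
"DirSync enabled before : {0}" -f $before.DirectorySynchronizationEnabled
"Last tenant sync time  : {0}" -f $before.LastDirSyncTime

# 2. Export the accounts currently sourced from on-prem AD, so there is a
#    change record to compare against once the source of authority flips.
#    (File name is an assumption; write it somewhere access-controlled.)
$synced = @(Get-MsolUser -All -Synchronized)
$synced |
    Select-Object UserPrincipalName, ObjectId, ImmutableId, LastDirSyncTime |
    Export-Csv -Path .\synced-users-before.csv -NoTypeInformation
"Synced accounts found  : {0}" -f $synced.Count

# 3. Disable directory synchronization (the command from the answer).
#    Without -Force the cmdlet asks for confirmation, which is kept here
#    on purpose because this is a tenant-wide change.
if ($before.DirectorySynchronizationEnabled) {
    Set-MsolDirSyncEnabled -EnableDirSync $false
} else {
    "Directory sync is already disabled; nothing to change."
}

# 4. Re-check. Per the answer, the change can take 24 to 72 hours to take
#    effect, so rerun this part later until no synced accounts remain.
$after = Get-MsolCompanyInformation
$remaining = @(Get-MsolUser -All -Synchronized).Count
"DirSync enabled after  : {0}" -f $after.DirectorySynchronizationEnabled
"Accounts still synced  : {0}" -f $remaining
```

Keep the exported CSV with the change ticket: it lists which accounts moved from on-prem to cloud management and lets you confirm later that none were missed.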
