Hi @Adam Krasuski ,
Please check in the AAD Admin portal if the agent is Active or Inactive. If it is Inactive, it should be automatically removed after few days from the portal and you should be good to go. But if it's still showing as Active then it's more complicated and users may be blocked from authenticating.
If you still have access to the PTA server, you can rerun the Azure AD Connect wizard and change the user sign-in method from Pass-through Authentication to another method. Then you can log on and go to Control Panel -> Programs -> Programs and Features and uninstall both the Microsoft Azure AD Connect Authentication Agent and the Microsoft Azure AD Connect Agent Updater programs.
If the agent is listed as Active and Azure is still reaching out to try to authenticate then your best option may be to recreate the users.
From the FAQ
How can I disable Pass-through Authentication?
Rerun the Azure AD Connect wizard and change the user sign-in method from Pass-through Authentication to another method. This change disables Pass-through Authentication on the tenant and uninstalls the Authentication Agent from the server. You must manually uninstall the Authentication Agents from the other servers.
What happens when I uninstall a Pass-through Authentication Agent?
If you uninstall a Pass-through Authentication Agent from a server, it causes the server to stop accepting sign-in requests. To avoid breaking the user sign-in capability on your tenant, ensure that you have another Authentication Agent running before you uninstall a Pass-through Authentication Agent.