Disabling or removing Azure AD Connect

AlbertGos 41 Reputation points

A client of mine had me install AD Connect a few years ago to sync pwds to their new O365 tenant. Now they are asking for it to be removed as they want to enforce a different password on their O365 mailboxes than on their AD accounts. It took a fair bit to get this working properly and I would prefer that I somehow just disable this "semi-permanently" than to uninstall all components.

I know I can stop the sync service but I want to make sure that:

a) it does not somehow start back up on its own (on an upgrade or a reboot etc.)
b) and by just suspending synch, O365 does not start to show all kinds of errors

If I cannot just disable safely, then I need to know how to uninstall in such a way that there are not a lot of errors being thrown in O365. There does not seem to be a document on how to uninstall properly so any suggestions appreciated.

Thank you

Microsoft Entra ID
Microsoft Entra ID
A Microsoft Entra identity service that provides identity management and access control capabilities. Replaces Azure Active Directory.
20,492 questions
0 comments No comments
{count} votes

Accepted answer
  1. Vasil Michev 99,941 Reputation points MVP

    You can disable it either client-side (on the AAD Connect server) or server-side (via the corresponding PowerShell cmdlet). In the former scenario, objects continue to be managed on-premises, any updates you make will not be synchronized of course and you will eventually start receiving emails telling you that no recent sync has occurred. If you disable it server-side, objects will be "converted" to cloud-only and can be managed directly in Azure AD/Office 365.

    Now, if password is the only thing they want, the above is mute. You can have different passwords configured in the cloud vs on-premises, even when password sync is enabled. But if that's the way they want it, you should disable the password sync feature by rerunning the AAD Connect config wizard. So TL;DR answer is, depends on what your end goal is here.

3 additional answers

Sort by: Most helpful
  1. AlbertGos 41 Reputation points

    Right...I forgot that AD Connect not only syncs passwords but also all AD objects from the selected OU's AD. which means if they really want this service disconnected and the objects in O365 converted to cloud only, then I really need to know the steps for that.

    I think they also want to go to a hybrid solution in the next year as they find the O365 tenant too slow. So that is the reason I was not going to blow away the whole setup - I figured we might need it in the future (do you know if we do? I think hybrid needs federation set up - which I have not done before so don't know much about it) and I wondered if the hybrid will also require AAD connect?


    0 comments No comments

  2. Vasil Michev 99,941 Reputation points MVP

    Hybrid requires AAD Connect, so you should leave it as is.

    0 comments No comments

  3. AlbertGos 41 Reputation points

    Hi Michev,

    I am going to suggest that we just turn off password sync and leaving AAD Connect set up.

    I poked around and could not find a setting in O365 to allow different passwords for it vs. on premises AD. I am guessing I have to set something as you cannot change the pwd in O365 at present - it alerts you to "change it some other way" which means going to AD to change.


    0 comments No comments