Deleting Sync Service in Azure Active Directory Connect Health

VPLunn22 6 Reputation points
2021-03-05T07:49:11.017+00:00

Hi

I made a mistake a while ago where I was installing AD Connect on an AD server in order to run some tests later, but the intention was not to sync anything yet. I accidentally did, so about 80 users ended up getting deleted in Azure. I restored the accounts in Azure and they seem to be working, and it seems most user accounts that synced had their password synced with AD, so their password for Azure is now the AD password, which is not a big problem per se, but the problem now is that I do not want to have the sync enabled.

When I am about to delete the AD server as a service in the Azure Active Directory Connect Health menu in the Azure portal, it gives me a list of warnings of what will ensue from deletion, and because this is the actual production environment that I am working with, the following part of that list is what concerns me:

"All data from this service instance will be deleted as per the Microsoft Azure Data Retention Policy."

My question is: will this delete existing passwords from all those users that were synced or will this possibly delete entire Azure accounts that have been synced?

I am mostly worried about losing users' personal data in the cloud like emails, onedrive etc.

My presumption is this will only delete user accounts that originate from AD and not those that originate from Azure, but because of the vagueness of that warning I am a little hesitant to actually delete the service.

I severed the connection between AD and Azure yesterday by uninstalling Azure AD connect on the AD server and thus far everything seems to be okay, but I worry that, if prolonged, this severed connection will result in something breaking.

Can anyone clarify what data I can expect to lose if I proceed with the deletion?

Microsoft Security | Microsoft Entra | Microsoft Entra ID

1 answer

  1. VipulSparsh-MSFT 16,311 Reputation points Microsoft Employee
    2021-03-08T07:48:10.487+00:00

    @VPLunn22 Thanks for reaching out.

    1) If you do not want to sync anything from on-premises and want to delete whatever has synced from on-prem to Azure AD:
    You need to delete those user accounts from on-premises and let that change sync to Azure AD via Azure AD Connect; this will remove all the objects which were synced from on-prem AD.

    2) If you have already uninstalled Azure AD Connect and want to remove the accounts which have already been synced:
    You need to disable directory synchronization first. This will make all the users which were synced to Azure AD cloud-only accounts, and you will be able to delete them from the portal or from PowerShell.

    3) Accounts created directly in Azure AD (cloud-only accounts):
    These types of accounts will not be affected by your process; they will continue to authenticate and function normally with no data loss.

    Let me know if you have any further question.

    -----------------------------------------------------------------------------------------------------------------

    If the suggested response helped you resolve your issue, please do not forget to accept the response as Answer and "Up-Vote" for the answer that helped you for benefit of the community.
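The answer's second option (disable directory synchronization, then confirm the synced users have become cloud-only before touching them) can be verified step by step from PowerShell. The script below is an added example and is not code from the poster or from Microsoft; it assumes the Microsoft Graph PowerShell SDK is installed and that the account running it has been granted the `Organization.ReadWrite.All` and `User.Read.All` scopes. The function names `Get-SyncState`, `Get-SyncedUsers` and `Disable-DirSync` are this example's own.

```powershell
# Added example: inspect and disable tenant directory sync with Microsoft Graph PowerShell.
# Assumptions (not from the original thread): Microsoft.Graph module installed; the signed-in
# admin holds Organization.ReadWrite.All and User.Read.All.
Connect-MgGraph -Scopes "Organization.ReadWrite.All", "User.Read.All"

# Tenant-level view: is directory sync on, and when did the last sync run?
function Get-SyncState {
    $org = Get-MgOrganization -Property Id, DisplayName, OnPremisesSyncEnabled, OnPremisesLastSyncDateTime
    [pscustomobject]@{
        TenantId       = $org.Id
        Tenant         = $org.DisplayName
        DirSyncEnabled = $org.OnPremisesSyncEnabled      # $true while sync is enabled, $null/$false once it is off
        LastSync       = $org.OnPremisesLastSyncDateTime  # stale date = connector was uninstalled, sync still "enabled"
    }
}

# Users that still carry the on-premises anchor; these are the ones the answer says become cloud-only
# after sync is disabled. Record this list before changing anything so you can compare afterwards.
function Get-SyncedUsers {
    Get-MgUser -All -Filter "onPremisesSyncEnabled eq true" `
        -Property Id, UserPrincipalName, OnPremisesSyncEnabled, OnPremisesImmutableId |
        Select-Object UserPrincipalName, OnPremisesSyncEnabled, OnPremisesImmutableId
}

# Tenant-wide change: turn directory sync off. -Confirm forces an interactive prompt;
# replace with -WhatIf for a dry run that changes nothing.
function Disable-DirSync {
    $orgId = (Get-MgOrganization).Id
    Update-MgOrganization -OrganizationId $orgId -OnPremisesSyncEnabled:$false -Confirm
}

# --- usage ---
Get-SyncState
$before = Get-SyncedUsers
"$($before.Count) users are currently marked as synced from on-premises"

Disable-DirSync

# Poll until the synced users have been converted. Do not delete or recreate anything while
# OnPremisesSyncEnabled is still $true on a user; the conversion is not instantaneous.
do {
    Start-Sleep -Seconds 600
    $remaining = (Get-SyncedUsers).Count
    "$(Get-Date -Format s): $remaining users still flagged as synced"
} while ($remaining -gt 0)

Get-SyncState
```

Two caveats for production use. First, disabling sync is a tenant-wide setting, not a per-user one, and Microsoft documents that converting synced objects to cloud-only (and re-enabling sync afterwards) can take up to 72 hours, so the polling loop is there to stop you acting on users whose `OnPremisesSyncEnabled` flag has not flipped yet. Second, the conversion changes the users' source of authority only; their mailboxes, OneDrive content and other cloud data are untouched, which matches point 3 of the answer and is exactly what the `$before` snapshot lets you confirm afterwards with `Get-MgUser` on the same UPNs.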

