Disabling AAD Connect via PowerShell or?

AlbertGos 41 Reputation points
2020-06-18T14:58:32.767+00:00

I asked a similar question but am not getting further responses, so I will pick up where I left off...

Client has decided they want to disable AAD Connect such that the existing O365 objects are converted to cloud-only. Someone here said to run a PowerShell cmdlet as that is more "permanent". Of course, I can turn off syncing from the server that hosts AAD Connect, but that just "suspends" the process.

1) Do I just re-run the AAD Connect configurator to properly disable it on the server?

2) What PowerShell command would I use against the O365 tenant to convert those objects to cloud-only objects?

I have seen tech posts elsewhere where others have moved person objects out of the synced OU in AD to a new OU such that they stop syncing, but then the tenant deletes that person (or mailbox, not sure) and then you have to go into O365, restore the mailbox and also then run a PowerShell command to delete the linking attribute (but it seems others still had problems with this method).

Also open to moving individuals in small batches if that works better (there are only 40 people in the tenant).

Any suggestions...thanks!


Accepted answer
  1. Thierry DEMAN-BARCELO 491 Reputation points MVP
    2020-06-26T16:37:35.717+00:00

    Hi @AlbertGostick-6663,

    Yes, users (and groups) will be fully managed/modified in O365.

    If passwords were synchronized, users can connect directly with UPN and same password as before.

    Thierry.

    1 person found this answer helpful.

2 additional answers

  1. Vasil Michev 100K Reputation points MVP
    2020-06-18T17:02:38.95+00:00

    Both methods can work, the PowerShell cmdlet is usually used when you don't have access to the server. Here's the syntax:

    Set-MsolDirSyncEnabled -EnableDirSync $false
    

  2. Thierry DEMAN-BARCELO 491 Reputation points MVP
    2020-06-18T17:14:37.27+00:00

    Hello,

    Moving users into an OU that is not synchronized is definitely not a good idea! Users will be deleted at the next synchronization.

    Disabling with PowerShell or changing the configuration in AAD will do a "conversion" of users from "Synchronized" to "Managed" by O365. It is not the same thing.
    Note that Microsoft warns that this operation can take up to 72 hours to complete (I think for tenants with lots of users).

    Bye.
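A worked PowerShell sequence around the cmdlet in Vasil's answer and the conversion and 72-hour note in Thierry's answer, added here as an example (it is not code from either poster). It assumes the MSOnline module is installed, a Global Administrator signs in, and that a user's LastDirSyncTime is cleared once the tenant has converted it to cloud-only; the CSV path is a placeholder.

```powershell
# Added example: disable directory synchronization for a tenant and watch the
# synced users convert to cloud-only. Assumes the MSOnline module and a
# Global Administrator account; run it from an admin workstation, not from
# the Azure AD Connect server itself.
Connect-MsolService

# 1. Record the tenant's sync state before changing anything.
$before = Get-MsolCompanyInformation
"DirSync enabled before: $($before.DirectorySynchronizationEnabled)"
"Last tenant sync:       $($before.LastDirSyncTime)"

# 2. Snapshot the users that are currently anchored to on-premises AD.
#    A non-empty ImmutableId is the "linking attribute" mentioned in the
#    question; keep this snapshot so the link can be audited (or cleared
#    later) without guessing.
$synced = Get-MsolUser -All | Where-Object { $_.ImmutableId }
"Synced users before: $($synced.Count)"
$synced |
    Select-Object UserPrincipalName, ImmutableId, LastDirSyncTime |
    Export-Csv -Path '.\synced-users-before.csv' -NoTypeInformation   # placeholder path

# 3. Disable sync at the tenant (the cmdlet from the answer above). The
#    cmdlet asks for confirmation. Stop the scheduler on the Azure AD Connect
#    server first (Set-ADSyncScheduler -SyncCycleEnabled $false) so a final
#    export cannot race this change.
Set-MsolDirSyncEnabled -EnableDirSync $false

# 4. Poll until the tenant reports sync off and no user still carries a
#    LastDirSyncTime (assumption: this is cleared on conversion). Microsoft
#    notes the conversion can take up to 72 hours, so bound the wait there.
$deadline = (Get-Date).AddHours(72)
do {
    Start-Sleep -Seconds 600
    $info        = Get-MsolCompanyInformation
    $stillSynced = @(Get-MsolUser -All | Where-Object { $_.LastDirSyncTime }).Count
    "$(Get-Date -Format s): DirSync=$($info.DirectorySynchronizationEnabled) " +
    "users still marked synced=$stillSynced"
} while (($info.DirectorySynchronizationEnabled -or $stillSynced -gt 0) -and
         (Get-Date) -lt $deadline)

if ($stillSynced -gt 0) {
    Write-Warning "Conversion not finished after 72h; check the tenant before reconfiguring AD."
}
```

Keep the exported CSV: if the client ever wants to re-link these accounts to a directory, the ImmutableId values are what would have to be matched or cleared per user.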