Share via

Deactivating DirSync

Anonymous
2016-11-28T15:09:42+00:00

to disconnect on-premises user from his mailbox.

We have a hybrid environment, with most of our users synced with DirSync from AD to 365.

I need to disconnect 2 mailboxes from their users. To do that I need to deactivate DirSync, delete the user from AD and then reactivate DirSync.

Is it safe to just run this command to deactivate it?

Set-MsolDirSyncEnabled -EnableDirSync $false

https://support.office.com/en-us/article/Turn-off-directory-synchronization-for-Office-365-ee5f861e-bd48-4267-83d1-a4ead4b4a00d?ui=en-US&rs=en-US&ad=US

And then of course reactivate with a similar command.

Set-MsolDirSyncEnabled -EnableDirSync $true
Microsoft 365 and Office | Subscription, account, billing | For home | Windows

Locked Question. This question was migrated from the Microsoft Support Community. You can vote on whether it's helpful, but you can't add comments or replies or follow the question.

0 comments

Answer accepted by question author

Anonymous
2016-12-01T07:30:17+00:00

Hi Igor,

I’d like to clarify that if you want to remove a user from cloud, we suggest you remove the user from local AD or out of the Azure AD Connect filter scope. Keeping a user in the cloud but removing it from local AD is not official supported. Thank you for your understanding.

However, you can take Vasil’s advice. Every community member is welcome to share your thoughts here.

Regards,

Brook

Was this answer helpful?

0 comments

8 additional answers

Sort by: Most helpful
Most helpful Newest Oldest
  1. Anonymous
    2016-11-29T13:52:54+00:00

    It's not working for some reason.

    I am running the following cmdlets

    Remove-MsolUser -UserPrincipalName <UPN>

    Restore-MsolUser -UserPrincipalName <UPN>

    Set-MsolUser -UserPrincipalName <UPN> -ImmutableID $null

    What am I doing wrong?

    Maybe after the first cmdlet, I have to remove AD account and run dirsync?

    Was this answer helpful?

    0 comments
  2. Anonymous
    2016-11-28T20:50:33+00:00

    Of course you can delete users, that's what Remove-MsolUser is for :) The catch is that the user will be automatically recovered after the next dirsync cycle, but it doesnt matter in your case. Simply delete, recover, change the immutableId. At that point you can remove the on-prem user if you want.

    Was this answer helpful?

    0 comments
  3. Anonymous
    2016-11-28T20:25:30+00:00

    Hello Vasil,

    "Stopping dirsync will not help you disconnect a mailbox though, the only way to do that is to remove the Exchange license from the user. It will help if you want to break the link between the on-prem and the cloud user*"*

    I don't see how I can achieve this by just removing his license, the user is still synced with AD.

    "but this can also be done by simply deleting the cloud user, recovering him from the recycle bin and clearing the ImmutableID."

    I cannot delete the user from Exchange Online while it's still synced with AD.

    What I understand that I should do, is to stop dirsync, clear the ImmutableID, remove on-prem user and then reactivate dirsync and the status should change to cloud only.

    The only thing I'm worrying about is stopping dirsync.

    Was this answer helpful?

    0 comments
  4. Anonymous
    2016-11-28T18:35:07+00:00

    Yes, it's safe in general, although it can cause unwanted delays in some cases. Stopping dirsync will not help you disconnect a mailbox though, the only way to do that is to remove the Exchange license from the user. It will help if you want to break the link between the on-prem and the cloud user, but this can also be done by simply deleting the cloud user, recovering him from the recycle bin and clearing the ImmutableID.

    Was this answer helpful?

    0 comments