ADConnect - How do I stop syncing certain objects without them being removed from tenant

Emmons, Crystal-sa 1 Reputation point
2021-11-18T16:29:30.67+00:00

I am preparing to merge two tenants together. I have objects for both source/target tenant in one on-premise AD already. I'll need to convert the recipients for the source tenant to mail users to prepare for migration - also adding various required attributes to the object (changing email) - this occurs in on-premise AD. At that point I can't sync that user/group to the source tenant anymore. However, I need the mailbox to remain in the Source tenant for the migration process. Typically, if objects have been synced in the past, and stop being a part of sync - O365 deletes them from the tenant. I need the object to remain in the tenant for that user/group/batch. I'd rather not stop ADConnect altogether - this forces me to rush the migration process - because objects couldn't have changes anymore until after migration was complete. Is there a way for ADConnect to continue to run and sync - just omitting certain batches of users - and not kill them from the source tenant?

Thanks
Crystal

Microsoft Entra ID

1 answer

  1. Marilee Turscak-MSFT 37,141 Reputation points Microsoft Employee
    2021-11-22T22:03:19.75+00:00

    You can accomplish this by converting the users from on-premises users to cloud-only accounts.

    Guidance from support has been to convert the user by following these steps:

    1. Move the Active Directory object to a non-synchronized OU, and have AAD delete it from AAD
    2. Run the delta sync
    3. Run the delta sync again
    4. Restore the user from the cloud
    5. Restore the user from the local AD
    6. Run delta sync. The restored user will be a pure cloud object. Try to update its email address or department from the cloud.

    Related threads, for reference:
    Stop syncing on-prem OU without deleting AAD/O365 users?
    Changing an "On-Premise" Synced user to CLOUD ONLY

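Steps 1 to 4 of the answer above as a PowerShell script, followed by a read-back of the account's sync state. This is an added example, not part of the original answer or of Microsoft's guidance; it does not perform steps 5 and 6. It assumes it runs on the Azure AD Connect server with the ActiveDirectory, ADSync and Microsoft.Graph modules installed, and the UPN and OU parameters are placeholders supplied by the operator.

```powershell
# Added example. UPN and OU values are placeholders supplied by the operator.
# Assumption: ActiveDirectory, ADSync and Microsoft.Graph modules are installed here.
param(
    [Parameter(Mandatory)] [string] $UserPrincipalName,  # e.g. user@source.example
    [Parameter(Mandatory)] [string] $UnsyncedOU          # DN of an OU outside sync scope
)
$ErrorActionPreference = 'Stop'
Import-Module ActiveDirectory, ADSync
Connect-MgGraph -Scopes 'User.ReadWrite.All' | Out-Null

function Invoke-DeltaSync {
    # Start a delta cycle, then wait until the scheduler reports it has finished.
    Start-ADSyncSyncCycle -PolicyType Delta | Out-Null
    do { Start-Sleep -Seconds 15 } while ((Get-ADSyncScheduler).SyncCycleInProgress)
}

# Record the cloud object ID first: it is the stable handle for the restore.
$cloud = Get-MgUser -UserId $UserPrincipalName -Property Id,OnPremisesSyncEnabled
if (-not $cloud.OnPremisesSyncEnabled) { throw "$UserPrincipalName is not a synced account." }
$adUser = Get-ADUser -Filter "UserPrincipalName -eq '$UserPrincipalName'"
if (-not $adUser) { throw "No on-premises user with UPN $UserPrincipalName." }

# Step 1: move the object out of sync scope.
Move-ADObject -Identity $adUser.DistinguishedName -TargetPath $UnsyncedOU

# Steps 2 and 3: two delta syncs.
Invoke-DeltaSync
Invoke-DeltaSync

# Step 4: confirm the account is in the deleted items (throws if it is not), then restore.
Get-MgDirectoryDeletedItem -DirectoryObjectId $cloud.Id | Out-Null
Restore-MgDirectoryDeletedItem -DirectoryObjectId $cloud.Id | Out-Null

# Read back the sync state so the result is checked rather than assumed.
$after = Get-MgUser -UserId $cloud.Id `
    -Property UserPrincipalName,OnPremisesSyncEnabled,OnPremisesImmutableId
[pscustomobject]@{
    UserPrincipalName     = $after.UserPrincipalName
    OnPremisesSyncEnabled = [bool]$after.OnPremisesSyncEnabled
    OnPremisesImmutableId = $after.OnPremisesImmutableId
}
```

The script stops before the restore if the account never reached the deleted items, so a user that is still in sync scope is not touched in the cloud.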