Turning off Azure AD Connect. Removing local Domain Controller

Dartey Banahene 1 Reputation point
2020-01-15T16:17:48.427+00:00

Hello, I've got a slight issue.
I've been tasked with removing our local domain controller with the end goals being:

  1. Our user base is 100% Cloud only
  2. We eliminate the need for Azure AD Connect
  3. Make sure that all machines in our environment are registered in Azure AD and Intune

I am trying to find out if there is a streamlined way to accomplish this without having to restore my entire user base considering once Azure AD is disconnected the users would be deleted in O365.

So far I've read and tested that when they are deleted you can restore the account and not lose any data.

Is there a way to do this in bulk, as in restore my entire company in one fell swoop?
Is it even reasonable to think this way or can this be scripted? I ask because it seems as if you can only select one user at a time to restore.

I've created an OU in our Local AD infrastructure that AAD Sync doesn't look at so that I can keep the accounts active just in case I have to roll things back and maintain the structure. I greatly appreciate any and all advice here.

Microsoft Entra ID

1 answer

  1. Vasil Michev 94,911 Reputation points MVP
    2020-01-15T17:12:54.54+00:00

    They will NOT be deleted from Azure AD, you simply need to disable DirSync in the tenant settings first: https://learn.microsoft.com/en-us/office365/enterprise/turn-off-directory-synchronization

    The process might take a while depending on the size of the organization, and once it's complete you can manage the users directly in the cloud.
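
The sequence discussed in this thread (baseline the synced accounts, turn off directory synchronization for the tenant, confirm nothing was deleted, bulk-restore only if something was), as an added example that is not part of the original posts or the linked article. It assumes the Microsoft Graph PowerShell SDK and a directory administrator sign-in; the CSV path and the function names are placeholders chosen here.

```powershell
# Added example. Assumes the Microsoft Graph PowerShell SDK is installed.
Connect-MgGraph -Scopes 'Organization.ReadWrite.All', 'User.ReadWrite.All'

function Get-SyncedUser {
    # Accounts the tenant still treats as mastered by the on-premises directory.
    Get-MgUser -All -Filter 'onPremisesSyncEnabled eq true' `
        -Property id, userPrincipalName, onPremisesImmutableId, accountEnabled |
        Select-Object Id, UserPrincipalName, OnPremisesImmutableId, AccountEnabled
}

# 1. Baseline before the change, kept on disk for rollback or audit.
$baseline = @(Get-SyncedUser)
$baseline | Export-Csv -Path '.\synced-users-before.csv' -NoTypeInformation  # placeholder path
Write-Host "Synced users before change: $($baseline.Count)"

# 2. Turn off directory synchronization tenant-wide (prompts before applying).
$org = Get-MgOrganization
Write-Host "Tenant sync currently enabled: $($org.OnPremisesSyncEnabled)"
Update-MgOrganization -OrganizationId $org.Id `
    -BodyParameter @{ onPremisesSyncEnabled = $false } -Confirm

function Get-ConversionStatus {
    # Re-run until StillSynced reaches 0; the change is applied asynchronously.
    param([object[]]$Baseline)
    $deleted = @(Get-MgDirectoryDeletedItemAsUser -All)
    [pscustomobject]@{
        TenantSyncEnabled = (Get-MgOrganization).OnPremisesSyncEnabled
        StillSynced       = @(Get-SyncedUser).Count
        # Baseline accounts that ended up soft-deleted; expected to be empty.
        DeletedFromBase   = @($deleted | Where-Object { $_.Id -in $Baseline.Id })
    }
}

function Restore-BaselineUser {
    # Bulk restore, limited to accounts that were in the baseline.
    param([object[]]$DeletedUsers)
    foreach ($user in $DeletedUsers) {
        Restore-MgDirectoryDeletedItem -DirectoryObjectId $user.Id | Out-Null
        Write-Host "Restored $($user.Id)"
    }
}

# 3. Verify, and restore only if an account from the baseline was deleted.
$status = Get-ConversionStatus -Baseline $baseline
$status | Format-List TenantSyncEnabled, StillSynced
if ($status.DeletedFromBase.Count -gt 0) {
    Restore-BaselineUser -DeletedUsers $status.DeletedFromBase
}
```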