Fully Migrate from Azure AD Connect to Azure AD cloud sync

Michael Binkley 26 Reputation points
2021-12-30T03:28:11.907+00:00

We are currently synchronizing our users to Azure AD from our on-prem AD using Azure AD Connect but would like to fully migrate to using Azure AD cloud sync.

I have been through all of the official documentation for the product but cannot find anything that would list the steps to stop using Azure AD Connect after installing cloud sync. cloud-sync

The closest documentation to what I want to do is setting up a pilot sync for an existing forest but it does not discuss what to do after the pilot is a success. tutorial-pilot-aadc-aadccp

I did complete a successful pilot and excluded those users from being synced by Azure AD Connect with no issues. Seeing cloud sync achieves what we need, I would like to move the entire forest to use cloud sync but am uncertain as to the next steps. Is it just as simple as uninstalling the Azure AD Connect service or are there more steps that need to be completed? I read that when you want to stop synchronizing you should run a PowerShell command to convert the users from synced users to cloud users but I don't think that is what I want to do in this case, since the users would still be synchronized, just using a different method.

Does anyone have any suggestions on the next steps to stop using Azure AD Connect completely, and switch to cloud sync without causing any interruptions to our end users?

Thanks in advance!
Michael

Microsoft Entra ID

Accepted answer
  1. Andy David - MVP 155.2K Reputation points MVP
    2021-12-30T13:09:45.393+00:00

    Seems to me that I would put the AADConnect server into StagingMode, then enable cloud sync for the entire forest.
    You aren't converting any users to cloud users, so that step wouldn't be required.

    If all goes well, then you remove AADConnect.

    Are you sure you don't need any of the AADConnect features that aren't supported by Cloud Sync?

    https://learn.microsoft.com/en-us/azure/active-directory/cloud-sync/what-is-cloud-sync#comparison-between-azure-ad-connect-and-cloud-sync

    1 person found this answer helpful.

3 additional answers

  1. Justin Verstijnen 211 Reputation points
    2023-03-07T08:25:44.5566667+00:00

    I have tried this like @Andy David - MVP noted:

    1. Disable Azure AD Connect by setting it to staging mode
    2. Install the new Azure AD Cloud Sync agent on one of the domain controllers
    3. Log into your global administrator account and your local AD DS administrator in the wizard
    4. In Azure AD create a new provisioning configuration for your domain
    5. Install the agent on all other domain controllers
    6. Enjoy

    This works as expected and is very simple.

    1 person found this answer helpful.
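
A read-only readiness check for the cutover described in the answers above, to run on the Azure AD Connect server before it is uninstalled. This is an added example, not part of any answer in the thread; the agent host names are hypothetical placeholders, and the service name `AADConnectProvisioningAgent` is an assumption to verify on your own agent hosts.

```powershell
# Added example: read-only checks, run on the Azure AD Connect server in Windows PowerShell 5.1
# (Get-Service -ComputerName is not available in PowerShell 7).
# Assumption: the cloud sync agent's Windows service is named AADConnectProvisioningAgent.
# The host names passed to -AgentHost are hypothetical placeholders.
function Test-AadcDecommissionReadiness {
    param(
        [string[]]$AgentHost = @('dc01.example.test', 'dc02.example.test'),
        [string]$AgentService = 'AADConnectProvisioningAgent'
    )

    Import-Module ADSync -ErrorAction Stop
    $scheduler = Get-ADSyncScheduler
    $findings = @()

    # In staging mode Azure AD Connect still imports and synchronizes but no longer exports.
    if (-not $scheduler.StagingModeEnabled) {
        $findings += 'Azure AD Connect is NOT in staging mode; it is still exporting.'
    }
    if ($scheduler.SyncCycleInProgress) {
        $findings += 'A sync cycle is in progress; re-run after it completes.'
    }

    # At least one cloud sync agent must be running before the old server goes away.
    $running = 0
    foreach ($h in $AgentHost) {
        $svc = Get-Service -ComputerName $h -Name $AgentService -ErrorAction SilentlyContinue
        if ($svc -and $svc.Status -eq 'Running') { $running++ }
        else { $findings += "Cloud sync agent service not running on $h." }
    }
    if ($running -eq 0) {
        $findings += 'No running cloud sync agent found; do not uninstall Azure AD Connect.'
    }

    [pscustomobject]@{
        StagingModeEnabled = $scheduler.StagingModeEnabled
        RunningAgents      = $running
        Ready              = ($findings.Count -eq 0)
        Findings           = $findings
    }
}

Test-AadcDecommissionReadiness | Format-List
```

`Ready` is true only when staging mode is on, no sync cycle is running, and every listed agent host reports a running service; it does not verify that the cloud sync provisioning configuration in the portal covers the whole forest.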

  2. Michael Binkley 26 Reputation points
    2022-01-02T17:45:15.987+00:00

    I am going to give this a try and will report back.


  3. Xavier Veral Martinez 1 Reputation point
    2022-05-05T14:40:56.58+00:00

    I'm at the same, exactly like you, everything ready to make the move but just 'hoping' that on the legacy AAD we just shut down the servers and there's nothing else to do. Can you confirm it goes like this? How is it going after several months with the new AAD agent? Thanks
