A cloud-based identity and access management service for securing user authentication and resource access
@Aorangi Vaia, apologies for the delayed reply. I understand that you are trying to decommission the ADFS service and move to Password Hash Sync completely. Ideally, from a deployment perspective, you should enable Password Hash Sync on the old AD Connect server first. This way, when you export the settings, you won't need to deal with any cleanup on the new AD Connect server.
Once this is done, you should update the domains in your tenant from Federated to Managed. You should use the following commands and run them on the AD FS server. This will delete the relying party connector for Office365/AzureAD on the AD FS server. You can keep AD FS running if you have applications using legacy authentication. However, since the Office 365 relying party connector is removed, any authentication to Microsoft Azure cloud/Office 365 services/Azure AD will be directly through the cloud.
- Install the Azure AD PowerShell module.
- Log in to the PowerShell module as an Azure AD Global Administrator.
- Run the cmdlet for each domain:

      Set-MsolDomainAuthentication -Authentication Managed -DomainName <domain name>

- Check the instructions here.
You can do the migration of users from federated auth to cloud authentication only using staged rollout, which means using a small set of users to experience the cloud authentication using Password Hash Sync rather than all at once. Please review the complete guide to migrate from federation to cloud authentication.
Hope the information is helpful and clarifies your doubts. If the information in the post is helpful, please do accept the post as the answer, which can help other members in the community with similar queries. I have linked some articles and I would suggest going through them, which will help you in a better way. Should you still have any queries, please let us know and we will be happy to help.
Thank you.
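
The conversion steps from the answer above, as an added PowerShell example that is not part of the original answer or of Microsoft's documentation. It uses the MSOnline module the answer refers to; the `-Apply` switch is a hypothetical parameter of this script, and the pre-check on password hash sync reflects the answer's advice to enable it before converting.

```powershell
# Added example: report, then optionally convert, every federated domain.
# Run from an elevated PowerShell session; sign in as a Global Administrator.
param(
    [switch]$Apply   # hypothetical switch: without it the script only reports
)

if (-not (Get-Module -ListAvailable -Name MSOnline)) {
    Install-Module -Name MSOnline -Scope CurrentUser
}
Import-Module MSOnline
Connect-MsolService

# Stop early if password hash sync is not enabled on the tenant: converting
# first would leave users with no password to authenticate against in the cloud.
$company = Get-MsolCompanyInformation
if (-not $company.PasswordSynchronizationEnabled) {
    Write-Warning 'Password hash sync is not enabled on this tenant. Enable it in AD Connect first.'
    return
}

$federated = @(Get-MsolDomain | Where-Object { $_.Authentication -eq 'Federated' })
if ($federated.Count -eq 0) {
    Write-Output 'No federated domains found.'
    return
}

foreach ($domain in $federated) {
    if (-not $Apply) {
        Write-Output "Would convert $($domain.Name) from Federated to Managed"
        continue
    }
    try {
        Set-MsolDomainAuthentication -Authentication Managed -DomainName $domain.Name -ErrorAction Stop
        Write-Output "Converted $($domain.Name)"
    } catch {
        Write-Warning "Failed for $($domain.Name): $($_.Exception.Message)"
    }
}

# Verify the result: every domain should now report Managed.
Get-MsolDomain | Sort-Object Name | Select-Object Name, Authentication, Status | Format-Table -AutoSize
```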