How to properly decommission obsolete AADConnect server?

Dev 1 Reputation point
2022-06-07T15:56:56.777+00:00

Hello,

We have a total of three AADConnect DEV servers.

Server #1: AADConnect version 1.6.16.0, Windows 2K12 OS, staging mode, local database

Server #2: AADConnect version 2.1.1.0, Windows 2K19 OS, active mode, local database

Server #3: AADConnect version 2.1.1.0, Windows 2K19 OS, staging mode, local database

We would like to get rid of server #1 (Windows 2K12 OS). Can we simply shut it off, or should the AADConnect client be uninstalled from the server first?
Are there other related steps that should be taken care of?

Thanks!

Microsoft Entra ID

2 answers

  1. Nick Von Ogden 41 Reputation points
    2022-06-09T06:18:39.11+00:00

    General Process

    1. Confirm your replacement server(s) are functioning, and one is in active mode.
    2. Query for the current AD Connector account and record/delete it. If this is an MSOL_ account, I personally recommend deleting it, but that's up to you. If you are re-using accounts (which isn't best practice), do not delete it.
    3. Uninstall AD Connect.
    4. Remove server from AD Connect Health Monitoring (if applicable).
    5. Delete the Azure AD Connect account that was tied to the install of AD Connect for that server (the UPN should start with Sync_NameofComputer).

    Deleting Server from AD Connect Health monitoring:

    1. Go to Azure Active Directory Connect Health → Sync Services
    2. Select the corresponding service name (Tenant.onmicrosoft.com)
    3. Under Azure Active Directory Connect Servers, select the server that is being decommissioned. A new pane will appear.
    4. Click the Delete button near the top.
    5. Type the server name and click the Delete button near the bottom.

    Pulled this from my decommissioning notes; I went through a 1.X to 2.X swing migration upgrade and completed it 3-4 months ago. The upgrade went smoothly, and we've had no issues post-decommission. I'd recommend grabbing an AAD configuration backup just in case.

    Some helpful code below as well, corresponding to the steps above:

        # Backup the AAD Connect config if necessary. Run this on the server being retired;
        # $PathHere is a placeholder for an existing folder to export into.
        Import-Module ADSync
        Get-ADSyncServerConfiguration -Path $PathHere

        # Step 2 General Process: find the on-premises AD connector account(s)
        Import-Module ActiveDirectory   # RSAT module; needed for Remove-ADUser
        Import-Module "C:\Program Files\Microsoft Azure Active Directory Connect\AdSyncConfig\AdSyncConfig.psm1"
        $ConnectorAccount = Get-ADSyncADConnectorAccount | Select-Object -ExpandProperty ADConnectorAccountName
        $ConnectorAccount
        # One entry per connected forest. Only delete an account if no other AAD Connect
        # server (the replacement active/staging servers) still uses it.
        $ConnectorAccount | ForEach-Object { Remove-ADUser -Identity $_ -Confirm }

        # Step 5 General Process: delete the cloud Sync_ account created for this server
        Connect-AzureAD
        Get-AzureADUser -SearchString 'On-Premises Directory Synchronization Service Account' |
            Select-Object ObjectId, UserPrincipalName
        # Every AAD Connect server has an account with that display name; pick the one whose
        # UPN starts with Sync_<ComputerName>_ and put its ObjectId in $ObjectIDhere.
        Remove-AzureADUser -ObjectId $ObjectIDhere
    
    3 people found this answer helpful.
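
The pre-flight checks a practitioner would want before running the steps above, as an added example that is not part of Nick's answer or of Microsoft's documentation. It is written to run in an elevated PowerShell session on the staging server being retired (server #1 in the question) and assumes the ADSync module that ships with Azure AD Connect, the ActiveDirectory RSAT module, and the Microsoft Graph PowerShell SDK (used here instead of the deprecated AzureAD module that the answer calls). The backup folder `$BackupRoot`, matching the cloud account on the `Sync_<ComputerName>_` UPN prefix, and the `-WhatIf` on the final deletion are this example's own choices.

```powershell
# Added example, not code from the thread. Run ON the Azure AD Connect server you intend
# to retire. Assumes: ADSync module (installed with AAD Connect), ActiveDirectory RSAT
# module, Microsoft Graph PowerShell SDK. $BackupRoot is an assumed location.
$BackupRoot = 'C:\AADConnectBackup'
$ErrorActionPreference = 'Stop'

Import-Module ADSync
Import-Module ActiveDirectory
Import-Module "C:\Program Files\Microsoft Azure Active Directory Connect\AdSyncConfig\AdSyncConfig.psm1"

# 1. Refuse to continue unless THIS server is in staging mode. Retiring the active server
#    would stop synchronization for the whole tenant; switch over to the new server first.
$scheduler = Get-ADSyncScheduler
if (-not $scheduler.StagingModeEnabled) {
    throw "$env:COMPUTERNAME is the ACTIVE sync server. Make the replacement server active before retiring this one."
}

# 2. Export the configuration to a per-server, timestamped folder before anything is uninstalled.
$backupPath = Join-Path $BackupRoot ('{0}-{1:yyyyMMdd-HHmm}' -f $env:COMPUTERNAME, (Get-Date))
New-Item -ItemType Directory -Path $backupPath -Force | Out-Null
Get-ADSyncServerConfiguration -Path $backupPath
Write-Host "Configuration exported to $backupPath"

# 3. Report the on-premises connector account(s). Nothing is deleted here: an account that
#    the replacement servers share (a hand-made one rather than an auto-created MSOL_ one)
#    must stay. Review this output before removing anything in AD.
foreach ($acct in Get-ADSyncADConnectorAccount) {
    $adUser = Get-ADUser -Identity $acct.ADConnectorAccountName `
                         -Server $acct.ADConnectorAccountDomain `
                         -Properties LastLogonDate, whenCreated
    [pscustomobject]@{
        Connector     = $acct.ADConnectorName
        Account       = "$($acct.ADConnectorAccountDomain)\$($acct.ADConnectorAccountName)"
        AutoCreated   = $acct.ADConnectorAccountName -like 'MSOL_*'
        Created       = $adUser.whenCreated
        LastLogonDate = $adUser.LastLogonDate
    }
}

# 4. Find the cloud service account that belongs to THIS server. Every AAD Connect server's
#    account carries the same display name, so filter on the UPN prefix
#    Sync_<ComputerName>_ instead (assumed naming, as described in the answer above).
Connect-MgGraph -Scopes 'User.ReadWrite.All'
$prefix = "Sync_$($env:COMPUTERNAME)_"
$syncAccounts = Get-MgUser -Filter "startswith(userPrincipalName,'$prefix')" `
                           -Property Id, UserPrincipalName, DisplayName
$syncAccounts | Format-Table UserPrincipalName, DisplayName, Id

# 5. Only after Azure AD Connect has been uninstalled from this server: delete that account.
#    Left as -WhatIf on purpose; drop -WhatIf to perform the deletion.
foreach ($user in $syncAccounts) {
    Remove-MgUser -UserId $user.Id -WhatIf
}
```

The script stops if the machine is not in staging mode, takes the configuration export Nick recommends, lists (without touching) the on-premises connector account so a shared account is not pulled out from under the replacement servers, and narrows the cloud-side cleanup to the one Sync_ account whose UPN is tied to this computer name. Run the final `Remove-MgUser` without `-WhatIf` only once the uninstall has completed and the server has been removed from Connect Health.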

  2. Andy David - MVP 142.7K Reputation points
    2022-06-07T16:59:54.77+00:00

    You can follow Jeff's steps here and uninstall AADConnect and remove the old account associated with it:

    https://blog.expta.com/2021/07/how-to-migrate-aad-connect-to-new-server.html

    I would remove the agent for that old server in Azure as well if it's enabled:

    https://learn.microsoft.com/en-us/azure/active-directory/hybrid/how-to-connect-health-operations
