Turn off directory synchronization for Microsoft 365
Article
You can use PowerShell to turn off directory synchronization and convert your synchronized users to cloud-only. However, it isn't recommended that you turn off directory synchronization as a troubleshooting step. If you need assistance with troubleshooting directory synchronization, see the Fixing problems with directory synchronization for Microsoft 365 article.
If your goal is to permanently disable synchronization in the tenant, you should first uninstall the synchronization client (such as Connect Sync or Cloud Sync).
Disabling synchronization before uninstalling the sync client might result in the Entra Id Portal showing directory synchronization as disabled, but optional features such as Password Hash Synchronization show as enabled. Although this should not cause any issues, and the optional feature would not work when directory synchronization is disabled, it may lead to an unexpected status in the Portal.
Use Update-MgBetaOrganization to disable directory synchronization:
# Install v1.0 and beta Microsoft Graph PowerShell modules
Install-Module Microsoft.Graph -Force
Install-Module Microsoft.Graph.Beta -AllowClobber -Force
# Connect With Hybrid Identity Administrator Account
Connect-MgGraph -scopes "Organization.ReadWrite.All,Directory.ReadWrite.All"
# Verify the current status of the DirSync Type
Get-MgOrganization | Select OnPremisesSyncEnabled
# Store the Tenant ID in a variable named organizationId
$organizationId = (Get-MgOrganization).Id
# Store the False value for the DirSyncEnabled Attribute
$params = @{
onPremisesSyncEnabled = $false
}
# Perform the update
Update-MgOrganization -OrganizationId $organizationId -BodyParameter $params
# Check that the command worked
Get-MgOrganization | Select OnPremisesSyncEnabled
Note
If you use this command, you must wait 72 hours before you can turn directory synchronization back on.
This process will clear the following on-premises properties:
This learning path examines how organizations should plan for and implement identity synchronization in a hybrid Microsoft 365 deployment. You learn how to implement Microsoft Entra Connect Sync and Microsoft Entra Cloud Sync, and how to manage synchronized identities.
If you’re an administrator who deploys and manages Microsoft 365 and performs Microsoft 365 tenant-level implementation and administration of cloud and hybrid environments, this certification is designed for you.