Link to home
Start Free TrialLog in
Avatar of Chris H
Chris HFlag for United States of America

asked on

Broken Azure AD Connect System Corrections

I have a client that we are trying to repair their Azure AD Connect system. The former IT Provider partially set it up but never fully configured it. They have some users synced but most are disconnected - maybe about 20-30 users out of several hundred. 

At this point, we have determined they put it into staging mode so nothing is actually running right now. We have a UPN Change project that the client is wanting to perform. Rather than attempting to fix the AAD Connect, we want to rip it out. In the meantime, we also need to be able to manage the accounts, and to keep it simple, we want to do this via O365. 

We plan on rebuilding the AD Connect system in a few months after the change, just don't have the time in order to fix it prior. 


Basically - what I am trying to figure out is has anyone removed an AD Connect system/disconnected their O365 and AD fully? Is it as simple as turning it off via Powershell (I found this command and appears to do what we want : "Set-MsolDirSyncEnabled -EnableDirSync $false") and then cleaning up the immutable IDs? Is there a potential impact that we should watch for specifically? 

Avatar of Hayes Jupe
Hayes Jupe
Flag of Australia image

That's just making your own life hard.

If you plan on re-instating AADConnect, why would you not "just do it" ? Installing and configuring on a new server is going to take a grand total of 15 minutes (if that).

If you go down the path of removing it - then the "few months down the track" you will need to hard match any and all users you have swapped over to cloud identifies - this is not hard - but things need to be done in the right order... and will take you longer than re-installing AADConnect.
Avatar of Chris H

ASKER

To rephrase, the customer wants azure ad sync turned off. How do we convert everyone to cloud only like they had it initially? 
ASKER CERTIFIED SOLUTION
Avatar of Hayes Jupe
Hayes Jupe
Flag of Australia image

Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
Avatar of Chris H

ASKER

The passwords aren't synching... that's kind of the problem.  Users are well aware of having two different passwords and synching them will actually cause disruption, even though it's a saner approach.  I know this sounds annoying, but it's the cleaner solution right now.

Thanks!