Avatar of Chris H
Chris H
Flag for United States of America asked on

Broken Azure AD Connect System Corrections

I have a client that we are trying to repair their Azure AD Connect system. The former IT Provider partially set it up but never fully configured it. They have some users synced but most are disconnected - maybe about 20-30 users out of several hundred. 

At this point, we have determined they put it into staging mode so nothing is actually running right now. We have a UPN Change project that the client is wanting to perform. Rather than attempting to fix the AAD Connect, we want to rip it out. In the meantime, we also need to be able to manage the accounts, and to keep it simple, we want to do this via O365. 

We plan on rebuilding the AD Connect system in a few months after the change, just don't have the time in order to fix it prior. 

Basically - what I am trying to figure out is has anyone removed an AD Connect system/disconnected their O365 and AD fully? Is it as simple as turning it off via Powershell (I found this command and appears to do what we want : "Set-MsolDirSyncEnabled -EnableDirSync $false") and then cleaning up the immutable IDs? Is there a potential impact that we should watch for specifically? 

AzureMicrosoft 365Powershell

Avatar of undefined
Last Comment
Chris H

8/22/2022 - Mon
Hayes Jupe

That's just making your own life hard.

If you plan on re-instating AADConnect, why would you not "just do it" ? Installing and configuring on a new server is going to take a grand total of 15 minutes (if that).

If you go down the path of removing it - then the "few months down the track" you will need to hard match any and all users you have swapped over to cloud identifies - this is not hard - but things need to be done in the right order... and will take you longer than re-installing AADConnect.
Chris H

To rephrase, the customer wants azure ad sync turned off. How do we convert everyone to cloud only like they had it initially? 
Hayes Jupe

Log in or sign up to see answer
Become an EE member today7-DAY FREE TRIAL
Members can start a 7-Day Free trial then enjoy unlimited access to the platform
Sign up - Free for 7 days
Learn why we charge membership fees
We get it - no one likes a content blocker. Take one extra minute and find out why we block content.
Not exactly the question you had in mind?
Sign up for an EE membership and get your own personalized solution. With an EE membership, you can ask unlimited troubleshooting, research, or opinion questions.
ask a question
Chris H

The passwords aren't synching... that's kind of the problem.  Users are well aware of having two different passwords and synching them will actually cause disruption, even though it's a saner approach.  I know this sounds annoying, but it's the cleaner solution right now.

All of life is about relationships, and EE has made a viirtual community a real community. It lifts everyone's boat
William Peck