As many businesses move fully to the cloud, breaking the link with their onsite Active Directory becomes important so that changes can be made directly on the Office 365 tenant. Prior to this, the onsite server-side Active Directory was responsible for creating new users, amending user details and setting folder permissions on the local server, which then synced to Azure Active Directory. Once your server has been decommissioned, breaking this link is very simple and quick to do.
 

Do I need to do this?

It is very common for businesses to sync onsite Active Directory with Azure Active Directory. For one, password synchronisation can occur between the local directory and the Microsoft cloud, meaning credentials are the same between the two.

How Do I Disable ADSync?

Uninstalling ADSync

Firstly, and I guess a very rare occurrence, you may be keeping your onsite server. There could be a legacy application that you may one day need access to, or an application that has not yet been created as a SaaS.

The PowerShell Part

If you no longer have access to the ADSync server, you can run the following commands to disable ADSync on your Office 365 tenant:

Install-Module MSOnline

Connect-MsolService

To verify that sync is currently enabled (the value should be True): (Get-MsolCompanyInformation).DirectorySynchronizationEnabled

Set-MsolDirSyncEnabled -EnableDirSync $false

To verify that the change has worked: (Get-MsolCompanyInformation).DirectorySynchronizationEnabled
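
A guarded version of the sequence above, as an added example rather than the author's own script: it snapshots the tenant's sync flags, saves a list of the accounts currently synced from on-premises AD, disables sync, then re-checks. The CSV file name is an assumption; the properties read are those returned by Get-MsolCompanyInformation and Get-MsolUser.

```powershell
#Requires -Modules MSOnline
# Added example: wraps the commands from this post with before/after checks.

function Get-DirSyncState {
    # Snapshot of the tenant-level sync flags from Get-MsolCompanyInformation.
    $info = Get-MsolCompanyInformation
    [pscustomobject]@{
        Enabled      = $info.DirectorySynchronizationEnabled
        Status       = $info.DirectorySynchronizationStatus
        LastDirSync  = $info.LastDirSyncTime
        PasswordSync = $info.PasswordSynchronizationEnabled
    }
}

Connect-MsolService

# 1. Record the state before touching anything.
$before = Get-DirSyncState
$before | Format-List

if (-not $before.Enabled) {
    Write-Host 'Directory synchronisation is already disabled; nothing to do.'
    return
}

# 2. Keep a record of the accounts that are sourced from on-premises AD,
#    so there is a list to review once they are managed in the tenant.
$synced = Get-MsolUser -All |
    Where-Object { $_.LastDirSyncTime } |
    Select-Object UserPrincipalName, ImmutableId, LastDirSyncTime

$exportPath = Join-Path $PWD 'synced-users-before-disable.csv'   # assumed file name
$synced | Export-Csv -Path $exportPath -NoTypeInformation
Write-Host "$(@($synced).Count) synced users recorded in $exportPath"

# 3. Disable sync on the tenant (the cmdlet asks for confirmation).
Set-MsolDirSyncEnabled -EnableDirSync $false

# 4. Verify the change.
$after = Get-DirSyncState
$after | Format-List

if ($after.Enabled) {
    Write-Warning 'DirectorySynchronizationEnabled is still True; re-check before editing users in the tenant.'
}
```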

The Microsoft Windows Server Part

If you have migrated your on-premises Active Directory to Azure Active Directory and no longer need to synchronize your on-premises directory with Azure, you can disable the Azure AD Connect synchronization service. Here are the steps to disable AD Sync:

  1. On your Azure AD Connect server, open the Azure AD Connect configuration wizard.
  2. Click on the “Configure” tab and select “Customize Synchronization Options”.
  3. Click on “Next” until you reach the “Optional Features” page.
  4. Uncheck the “Synchronize options for Exchange” checkbox, as well as any other options you no longer need to synchronize.
  5. Click on “Next” until you reach the “Ready to Configure” page.
  6. Click on “Configure” to apply the changes.
  7. Once the configuration is complete, click on “Exit” to close the wizard.

This will disable the Azure AD Connect synchronization service and stop the synchronization process between your on-premises Active Directory and Azure Active Directory. Note that disabling AD Sync may cause issues with some applications that rely on Active Directory for authentication or authorization. Make sure to test your applications thoroughly before disabling AD Sync.

Dave King
