Disable Azure AD Connect Synchronization

by Robert Allen

On-premises AD accounts are synced to Azure using the Azure AD Connect software. There are times when you need to disable the synchronization, such as when removing accounts, fully moving to the cloud, or troubleshooting.

In this post, I’ll show you the steps to disable the Azure AD sync.

Important: When you disable AD synchronization you must wait a while before you can turn it back on. I cannot find any documentation from Microsoft on how long you must wait. In my testing, I had to wait about an hour.

How to Disable Azure AD Synchronization

Step 1. Install the Azure AD module

Open an elevated Windows PowerShell prompt and run the following command.

Install-Module MSOnline

Step 2. Connect to Azure AD

Connect-MsolService

Step 3. Check Current Sync Status (true or false)

(Get-MSOLCompanyInformation).DirectorySynchronizationEnabled

Step 4. Disable Azure AD Sync

Set-MsolDirSyncEnabled -EnableDirSync $false

If you want to turn synchronization back on, run this command.

Set-MsolDirSyncEnabled -EnableDirSync $true

Note: When you disable the synchronization, any on-premises synced accounts will be changed to cloud only.

For example, the account Christopher Sisco is showing “Synced from on-premises”.

After I disabled the synchronization the account changed to cloud only in Azure.

If you get the error “Set-MsolDirSyncEnabled : You cannot turn off Active Directory synchronization.”, it means you have recently changed the status and the Azure services are preventing you from changing it back. You will have to wait a while before you can turn it back on. I had to wait about an hour before I could turn the sync back on.
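The four steps above combined into one script, as an added example that is not from the original article: it exports the currently synced accounts before disabling sync (they become cloud only afterwards) and catches the error described above. The `$ExportPath` location and the CSV columns are assumptions; save the block as a .ps1 file and run it from an elevated prompt.

```powershell
# Added example, not the article's own code.
# Assumption: $ExportPath is a hypothetical location; change it for your environment.
$ExportPath = Join-Path $env:TEMP ("synced-users-{0:yyyyMMdd-HHmmss}.csv" -f (Get-Date))

# Step 1: install the MSOnline module only if it is missing.
if (-not (Get-Module -ListAvailable -Name MSOnline)) {
    Install-Module MSOnline
}
Import-Module MSOnline

# Step 2: connect to Azure AD (interactive sign-in).
Connect-MsolService

# Step 3: check the current sync status and stop if there is nothing to change.
if (-not (Get-MsolCompanyInformation).DirectorySynchronizationEnabled) {
    Write-Host 'Directory synchronization is already disabled. Nothing to do.'
    return
}

# Record which accounts are synced right now. After the change they all show
# as cloud only, so this list is the record of what was synced from on-premises.
$synced = @(Get-MsolUser -All | Where-Object { $_.LastDirSyncTime })
$synced |
    Select-Object UserPrincipalName, DisplayName, ImmutableId, LastDirSyncTime |
    Export-Csv -Path $ExportPath -NoTypeInformation
Write-Host "Exported $($synced.Count) synced accounts to $ExportPath"

# Step 4: disable sync. The cmdlet's own confirmation prompt is left in place.
try {
    Set-MsolDirSyncEnabled -EnableDirSync $false -ErrorAction Stop
}
catch {
    # Error text as quoted in the article: the status was changed recently.
    if ($_.Exception.Message -like '*You cannot turn off Active Directory synchronization*') {
        Write-Warning 'The sync status was changed recently. Wait a while and run the script again.'
        return
    }
    throw   # Any other failure is unexpected; surface it unchanged.
}

# Re-read the status to confirm the change.
$enabled = (Get-MsolCompanyInformation).DirectorySynchronizationEnabled
Write-Host "DirectorySynchronizationEnabled is now: $enabled"
```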


7 thoughts on “Disable Azure AD Connect Synchronization”

    • Hi Javi,

      If you are wanting to disable sync for a specific user I would suggest moving them outside of the chosen OU that is being synced to Entra ID. It is usually best practice to select OUs to sync instead of the whole AD forest when configuring Azure AD Connect. If you did not do this, you can always easily change this configuration.

  1. After I run the command, what should I do with my Azure AD Connect server? Any specific deprovisioning steps I need to take?
