Disable Azure AD Connect Synchronization

by

On-premises AD accounts are synced to Azure using the Azure AD Connect software (Now called Microsoft Entra Connect). There are times when you need to disable the synchronization such as removing accounts, fully moving to the cloud, or troubleshooting.

In this post, I’ll show you the steps to disable the Azure AD sync.

What Happens When you Disable Synchronization

  • Users previously synced from on-prem AD become cloud-managed users.
  • Passwords and attributes stop syncing.
  • Future changes in local AD won’t affect Microsoft 365 users.

Important: According to Microsoft’s documentation on directory synchronization you may need to wait up to 72 hours before you can turn directory synchronization back on. I had no issues disabling the sync and turning it back on.

How to Disable Azure AD Synchronization

Note: These steps connect to Entra tenant to disable synchronization so it wont matter if you are using the Azure AD Connect or Entra Connect tool in your on-prem environment.

Step 1. Install the Microsoft Graph Module

Open an elevated Windows PowerShell command and run the following command.

Install-Module Microsoft.Graph -Force

Step 2. Connect with your Administrator Account

Connect-MgGraph -scopes "Organization.ReadWrite.All,Directory.ReadWrite.All"

Step 3. Check Current Sync Status (true or false)

Get-MgOrganization | Select-Object DisplayName, Id, OnPremisesSyncEnabled

Step 4. Disable Sync

Replace xxx with your tenant ID

Update-MgOrganization -OrganizationId xxx -BodyParameter @{ OnPremisesSyncEnabled = $false }

Step 5. Verify Sync is Disabled

Get-MgOrganization | Select-Object DisplayName, Id, OnPremisesSyncEnabled

Step 6. Re-enable Azure AD Sync

Replace xxx with your tenant ID

Update-MgOrganization -OrganizationId xxx -BodyParameter -BodyParameter @{ OnPremisesSyncEnabled = $true }

Note: When you disable the synchronization, any on-premises synced accounts will be changed to cloud only.

For example, the account Christopher Sisco is showing “Synced from on-premises”

After I disabled the synchronization the account changed to cloud only in Azure.

Related Articles

Permanently Remove Deleted Users from Office 365

How to Sync On-Prem AD With Existing Azure AD Users