[solved] how to decommission an Azure AD connect server for Office365

Problem

The Microsoft Azure AD Connect server, also known as the DirSync server, functions as a sync server that synchronizes all objects between your on-premises Active Directory and Azure AD in the cloud. This is very common in hybrid environments, where corporate firms use Office365 for email and still have an on-premises Active Directory.

As users are created in the on-premises Active Directory, the objects are then synced to Azure AD by the AD Connect server.

You can always see the sync status by logging into https://portal.azure.com

Solution

Here are the steps to disable the sync service.

  1. Open PowerShell and run Connect-MsolService
  2. Run Set-MsolDirSyncEnabled -EnableDirSync $false using the admin account
  3. This will stop the sync and will convert all the users from hybrid to cloud-only users.

Now check the status by logging into the portal at https://portal.azure.com. You can see that the “sync status” has changed from “enabled” to “not installed”.

Within 24 hours all users should be showing as cloud-only users. You can run the following PowerShell command to export the list of all the users that were synced before dir sync was disabled.

Open PowerShell, run Connect-AzureAD with admin credentials, and then run the command below.

Get-MsolUser -Synchronized | Export-Csv c:\scripts\sync-users.csv -NoClobber

The exported file should contain zero users, since no users are synced anymore and they have now been converted to cloud users.

Now you can log into the AD Connect server and uninstall AD Connect by going to the Control Panel and removing AD Connect using Programs and Features.

You will see a success message, as in the screenshot below, once all the services have been uninstalled.

You can then navigate to C:\Program Files and delete the “Microsoft Azure Active Directory Connect” folder, which will remove the three files shown below.

The only step now left is to delete the orphaned AD Connect object in the Azure portal.
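
The disable-and-verify steps above as one script, added here as an example and not part of the original post. It records the synced users before sync is disabled (afterwards that list is empty), then disables sync and checks the result; the output folder and file name are assumptions, and the MSOnline module must be installed.

```powershell
# Added example: snapshot, disable, verify. Uses only MSOnline cmdlets.
# $OutDir and the CSV file name are assumptions; adjust them to your environment.
$OutDir = 'C:\scripts'
$Stamp  = Get-Date -Format 'yyyyMMdd-HHmmss'

Connect-MsolService   # sign in with a tenant admin account

# 1. Record the tenant's sync state before changing anything.
$before = Get-MsolCompanyInformation
Write-Output ('DirSync enabled: {0}; last sync: {1}' -f `
    $before.DirectorySynchronizationEnabled, $before.LastDirSyncTime)

# 2. Export the synced users while they are still flagged as synced.
#    -All is needed because Get-MsolUser returns at most 500 objects by default.
$synced = @(Get-MsolUser -Synchronized -All)
$synced |
    Select-Object UserPrincipalName, DisplayName, ImmutableId, LastDirSyncTime |
    Export-Csv (Join-Path $OutDir "synced-users-before-$Stamp.csv") -NoTypeInformation -NoClobber
Write-Output "Synced users recorded: $($synced.Count)"

# 3. Disable directory sync (step 2 of the post). -Force skips the confirmation prompt.
Set-MsolDirSyncEnabled -EnableDirSync $false -Force

# 4. Verify. Conversion is not instant (the post allows up to 24 hours),
#    so re-run this part until no user is flagged as synced.
$after     = Get-MsolCompanyInformation
$remaining = @(Get-MsolUser -Synchronized -All)
Write-Output ('DirSync enabled: {0}; users still flagged as synced: {1}' -f `
    $after.DirectorySynchronizationEnabled, $remaining.Count)

if ($remaining.Count -eq 0 -and -not $after.DirectorySynchronizationEnabled) {
    Write-Output 'Conversion complete: AD Connect can be uninstalled from the server.'
} else {
    # Show which accounts have not been converted yet.
    $remaining | Select-Object UserPrincipalName, LastDirSyncTime | Format-Table -AutoSize
}
```

Keep the "before" CSV with the change record: it is the only list of which accounts were sourced from on-premises AD once the conversion has finished.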
