How to disable Azure AD connect for further directory delete

Azure Active Directory (Azure AD) is Microsoft’s multi-tenant, cloud-based directory and identity management service. Azure AD combines core directory services, advanced identity governance, and application access management. Azure AD also offers a rich, standards-based platform that enables developers to deliver access control to their applications, based on centralized policy and rules.

The problem

The problem occurs when you delete (disconnect) the on-prem AD from your Azure AD. Azure AD can no longer sync with your AD and keeps sending you emails; at the same time, you can't delete the directory, since it still contains users taken from the on-prem directory.

Azure AD sync enabled

Solution

The Azure portal provides Cloud Shell (either Bash or PowerShell). Create a new PowerShell environment (if you have not created one yet), check the two points below, and then run the following lines in it:

  • Make sure the directory users still include a user with the Global Administrator role (or create one).
  • Make sure you run the Azure AD cmdlets in your PowerShell environment.

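# Prompt for the Global Administrator credentials and connect to the tenant
$MsolCred = Get-Credential
Connect-MsolService -Credential $MsolCred

# Turn off directory synchronization for the tenant
Set-MsolDirSyncEnabled -EnableDirSync $false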

Now that sync is disabled, make sure no users from your on-prem AD remain. You can then delete your directory.
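The checks described above (sync really disabled, no users left from the on-prem AD, a Global Administrator still present) can be run as one report before you attempt the delete. This is an added example, not part of the original post; it assumes the MSOnline module is available and `Connect-MsolService` has already been run, and `Get-DirSyncCleanupStatus` is a hypothetical helper name.

```powershell
# Added example. Assumes an existing Connect-MsolService session as a
# Global Administrator. Get-DirSyncCleanupStatus is a hypothetical name.
function Get-DirSyncCleanupStatus {
    [CmdletBinding()]
    param()

    # Tenant-level sync flag and the time of the last sync cycle.
    $company = Get-MsolCompanyInformation

    # Users still flagged as synchronized from the on-prem directory.
    $synced = @(Get-MsolUser -All -Synchronized)

    # Global Administrator is named "Company Administrator" in MSOnline.
    # Admins with no LastDirSyncTime were created in the cloud, so they
    # do not depend on the on-prem AD that has been disconnected.
    $role = Get-MsolRole -RoleName 'Company Administrator'
    $cloudAdmins = @(
        Get-MsolRoleMember -RoleObjectId $role.ObjectId |
            Where-Object { $_.RoleMemberType -eq 'User' } |
            ForEach-Object { Get-MsolUser -ObjectId $_.ObjectId } |
            Where-Object { -not $_.LastDirSyncTime }
    )

    [pscustomobject]@{
        DirSyncEnabled  = $company.DirectorySynchronizationEnabled
        LastDirSyncTime = $company.LastDirSyncTime
        SyncedUserCount = $synced.Count
        SyncedUsers     = $synced.UserPrincipalName
        CloudOnlyAdmins = $cloudAdmins.UserPrincipalName
        # True only when all three conditions from this article hold.
        SyncCleanupDone = (-not $company.DirectorySynchronizationEnabled) -and
                          ($synced.Count -eq 0) -and
                          ($cloudAdmins.Count -gt 0)
    }
}

Get-DirSyncCleanupStatus | Format-List
```

Microsoft documents that turning directory synchronization off can take up to 72 hours to complete, so re-run the report if `DirSyncEnabled` or `SyncedUserCount` has not changed right after `Set-MsolDirSyncEnabled`.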
