Directory synchronization is currently in a pending disable state For More Than One Week

Nawaf Khalife 21 Reputation points
2020-05-20T16:44:55.4+00:00

I did disable Directory synchronization using powershell more than week ago and still in pending disable state and cannot enable it again.
When executing Azure AD Connect, I am getting the following error:

The Directory synchronization is currently in a pending disable state for this directory. Please wait until directory synchronization has been fully disabled before trying again.

Thanks.

Microsoft Entra ID
Microsoft Entra ID
A Microsoft Entra identity service that provides identity management and access control capabilities. Replaces Azure Active Directory.
19,473 questions
0 comments
Accepted answer
  1. AmanpreetSingh-MSFT 56,306 Reputation points
    2020-05-20T17:02:09.67+00:00

    @Nawaf Khalife As directory synchronization isn't activated or deactivated after 72 hrs, follow these steps, and then contact Support:

    Run below PowerShell cmdlets:

    • Connect-MSOLService
    • (Get-MSOLCompanyInformation).DirectorySynchronizationStatus

    If the output is "PendingEnabled" or "PendingDisabled" after the expected enablement time period has passed, this is a known issue with Exchange Online.
    Collect the following information from the Windows PowerShell connection:

    • Context ID: To collect the context ID, type the following cmdlet, and then press Enter:
      (Get-MSOLCompanyInformation).objectID
    • Service instance: To collect the service instance, type the following cmdlet, and then press Enter:
      (Get-MSOLCompanyInformation).AuthorizedServiceInstances

    -----------------------------------------------------------------------------------------------------------

    Please do not forget to "Accept the answer" wherever the information provided helps you to help others in the community.

    0 comments

2 additional answers

Sort by: Most helpful
Most helpful Newest Oldest
  1. Jai Verma 461 Reputation points
    2020-05-20T16:53:11.21+00:00

    Did you try steps mentioned here - https://support.microsoft.com/en-in/help/2654338/directory-synchronization-for-office-365-azure-or-intune-can-t-be-acti

    In case you have, the only option is to contact Microsoft Support, they might need to make some changes in the backend to fix the issue.

    1 person found this answer helpful.
  2. Manu Philip 16,971 Reputation points MVP
    2020-05-20T16:57:31.613+00:00

    Hello @Nawaf Khalife ,

    Seems you had federation enabled? If that's the case, you need to convert the domain and all users to cloud-only auth. One way to toggle is indeed via the AAD Connect client, but you can also do so via PowerShell: 

    Set-MsolDomainAuthentication -DomainName domain.com -Authentication managed

    In case you didn't have password hash sync enabled, the cloud users will have to be "converted" as well: 

    Convert-MsolFederatedUser -UserPrincipalName user@domain.com

    Thanks,
    Manu