question

0 Votes
azuretraining2-0656 asked MikkelKnudsen-3362 published

Disable AD Connect

For the love of god can someone tell me how to turn AD Connect off? This is a training account, the on-prem server doesn't exist anymore, I am just trying to delete everything and kill AD connect. I get emails all the time saying this.. I do not care, how do I stop it from notifying me?

"Your identity synchronization from on-premises is unhealthy"


I am able to connect to my Azure account using PowerShell (connect-azaccount), but none of the Get/Set-Az commands seem to have the ability to enable/disable AD Connect features. I've found tons of articles related to some msol cmdlet set, but I cannot connect to my azure account with that module at all. Tried to contact M$ support, they won't talk to me. Free chat support never loads and they want money.

Regards,
Adam Tyler

azure-ad-connect

1 Answer

1 Vote
ZollnerD answered MikkelKnudsen-3362 published

Hi @azuretraining2-0656 - please see the following document: https://docs.microsoft.com/en-us/microsoft-365/enterprise/turn-off-directory-synchronization?view=o365-worldwide

You'll need to install the MSOnline (Azure AD v1 PowerShell) module, and then run Set-MsolDirSyncEnabled -EnableDirSync $false. This will disable directory synchronization on your Azure AD tenant and will convert all synchronized objects (DirSyncEnabled = True) to cloud objects (DirSyncEnabled = False).


Thanks for your post. I've been down the MSOnline PowerShell route.. I can't get past "connect-MsolService".. I get an error saying that "example.com isn't in our system. Make sure you typed it correctly".

This same user account works just fine to connect to Azure PowerShell, i.e. "Connect-AzAccount".

The logon is the only user that exists in the Azure account, has all rights and was used to originally set up the subscription.

Regards,
Adam Tyler

1 Vote 1 ·
ZollnerD azuretraining2-0656 ·

Is the account you're using a guest account in the Azure AD tenant? I.e., if you're signing in with user@outlook.com in the MSOnline PowerShell module, it won't know what Azure AD tenant to look for, as Outlook isn't an AAD work/school domain. If you sign in with an account that originates from the Azure AD tenant you're using (i.e., if your tenant is contoso.onmicrosoft.com, sign in with an account such as user@contoso.onmicrosoft.com), this might unblock you.

The MSOnline PowerShell module is the only way you're going to be able to disable directory synchronization on your tenant, so figuring out what's stopping you from signing in is the next step towards resolving your issue.

0 Votes 0 ·

Not sure what you mean by a guest account. The account I am using has owner level rights over the entire Azure account instance. I do see that the account doesn't share the same "userdomain.onmicrosoft.com" UPN when compared to new users that get created.

Getting closer. I was able to grant a new user "Global Admin" rights under Azure AD blade. Connected with Connect-msolservice now using new account.

Issued "Set-MsolDirSyncEnabled -EnableDirSync $false" command. Azure console still shows AD Connect is enabled though. Maybe it takes some time to reflect the change....

0 Votes 0 ·
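
The procedure worked out in the answer and comments above, as an added example that is not part of the original thread: it disables directory synchronization and then reads the tenant flag back from the service rather than relying on the portal display. It assumes a Windows PowerShell 5.1 session and a Global Admin account that originates in the tenant itself; the variable names are illustrative.

```powershell
# Added example (not from the thread). Assumes Windows PowerShell 5.1 and a
# Global Admin that lives in the tenant (user@<tenant>.onmicrosoft.com).

# Install the MSOnline (Azure AD v1) module for the current user if missing.
if (-not (Get-Module -ListAvailable -Name MSOnline)) {
    Install-Module -Name MSOnline -Scope CurrentUser
}
Import-Module MSOnline

# Interactive sign-in. A personal or guest identity fails here with the
# "isn't in our system" error described in the thread.
Connect-MsolService

# Record the tenant state before changing anything.
$before = Get-MsolCompanyInformation
"DirSync enabled before : $($before.DirectorySynchronizationEnabled)"
"Last DirSync time      : $($before.LastDirSyncTime)"

# Count users that still carry a sync timestamp (synchronized from on-prem).
$syncedBefore = @(Get-MsolUser -All | Where-Object { $_.LastDirSyncTime })
"Synchronized users     : $($syncedBefore.Count)"

if ($before.DirectorySynchronizationEnabled) {
    # Prompts for confirmation before converting synced objects to cloud objects.
    Set-MsolDirSyncEnabled -EnableDirSync $false
} else {
    "Directory synchronization is already disabled; nothing to change."
}

# Read the flag back from the service; the portal may lag behind this value.
$after = Get-MsolCompanyInformation
"DirSync enabled after  : $($after.DirectorySynchronizationEnabled)"

# Users that still show a sync timestamp have not been converted yet.
$syncedAfter = @(Get-MsolUser -All | Where-Object { $_.LastDirSyncTime })
"Users still marked synchronized: $($syncedAfter.Count)"
```

Re-running only the last two sections later shows whether the conversion has finished without issuing the change again.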