0 Votes
RodneyLane-7395 asked ·

Removal of AD Connect Dramas - help!!

Hi

I am fairly new to Azure and have been trying to learn.

I have been attempting to learn how to use AD Connect to link a test AD domain VM running on local premises to an MSDN Azure AD Account.

Suffice to say I managed to royally mess it up.

I followed instructions on removing AD Connect from the domain controller and disabled Sync.

When I check the status of the sync in the PowerShell cmdlet, it says that it's disabled.

When I try to log into Azure using my Azure AD Account, it keeps trying to take me to the afds.mydomain.onmicrosoft.com link which doesn't exist.

So I have lost access to Azure and Office 365 email :|

I tried re-installing AD Connect (as a lot of the documentation states I need AD Connect to do or change anything), but when I try to install it, it tells me that "directory synchronization is currently in a pending disable state for this directory. Please wait until directory synchronization has been fully disabled before trying again."

So according to the cmdlet, the sync is disabled, but according to the installer - it's pending disable.

It has been about 12 hours since the sync was disabled and AD Connect removed.

The AD Domain that was synchronized had 1 user account and 2 computer accounts so it's not a large domain.

So at the moment I am stuck - can't log into Azure with no apparent way to fix it.

Can someone advise how I might go about cleaning up this mess?

Thanks in Advance

Rod.

azure-active-directory

1 Answer

2 Votes
michev answered ·

Seems you had federation enabled? If that's the case, you need to convert the domain and all users to cloud-only auth. One way to toggle is indeed via the AAD Connect client, but you can also do so via PowerShell:

 Set-MsolDomainAuthentication -DomainName domain.com -Authentication managed

In case you didn't have password hash sync enabled, the cloud users will have to be "converted" as well:

 Convert-MsolFederatedUser -UserPrincipalName user@domain.com

Thanks Very much

That simple command fixed everything.

Much appreciated :)

Cheers

Rod.

0 Votes 0 ·
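The check-then-convert sequence from the answer above, written out as an added example that is not part of the original thread. It assumes the MSOnline module the answer uses is installed and that you sign in with a cloud-only administrator account; the `$DomainName` and `$ConvertUsers` parameters are names chosen for this example.

```powershell
# Added example (not from the thread). Assumptions: the MSOnline module from the
# answer is installed, and you sign in with a cloud-only admin account, since a
# federated account is redirected to the unreachable federation endpoint.
param(
    [Parameter(Mandatory)] [string] $DomainName,  # e.g. domain.com (placeholder)
    [switch] $ConvertUsers                        # set if password hash sync was never enabled
)
$ErrorActionPreference = 'Stop'
Import-Module MSOnline
Connect-MsolService

# Tenant-level state: what the service itself reports for directory sync.
$company = Get-MsolCompanyInformation
'DirSync enabled: {0}  Last sync: {1}' -f $company.DirectorySynchronizationEnabled, $company.LastDirSyncTime

# Domain-level state: Federated means sign-in is redirected to the on-premises STS.
$domain = Get-MsolDomain -DomainName $DomainName
"Before: $($domain.Name) is $($domain.Authentication)"

if ($domain.Authentication -eq 'Federated') {
    # Record where sign-ins were being sent before the setting is removed.
    Get-MsolDomainFederationSettings -DomainName $DomainName |
        Format-List IssuerUri, PassiveLogOnUri, ActiveLogOnUri
    Set-MsolDomainAuthentication -DomainName $DomainName -Authentication Managed
}

if ($ConvertUsers) {
    # Users that came from on-premises carry a LastDirSyncTime value.
    Get-MsolUser -DomainName $DomainName -All |
        Where-Object { $_.LastDirSyncTime } |
        ForEach-Object {
            Convert-MsolFederatedUser -UserPrincipalName $_.UserPrincipalName
            "Converted $($_.UserPrincipalName)"
        }
}

# Verify: the domain should now report Managed.
$after = (Get-MsolDomain -DomainName $DomainName).Authentication
"After: $DomainName is $after"
if ($after -ne 'Managed') { Write-Warning "$DomainName is still $after" }
```

Keeping the recorded federation settings gives you a reference for which endpoint sign-ins were pointed at, which helps when reviewing sign-in logs from the period the domain was misconfigured.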