question

RolN-4751 avatar image
0 Votes"
RolN-4751 asked shashishailaj edited

Disable Azure AD Sync and Federation

Hi,

I have to disable all Azure AD sync connections in a customer's environment.
User logon is forwarded to a portal that is not available anymore and users were synced with a local AD structure.
Since the local structure can not be accessed anymore without a lot of "roll-back work" I would like to disable the forward and
enable users to use the Microsoft login (portal.office.com) and use all the apps and data that is created already in Teams and so on.

I found a guide to disable Federated services but I am not sure if that is all I need to do and what will happen with users that are
already available and in use.

1 ) Open “Microsoft Azure Active Directory Module for Windows PowerShell“
2) Connect-MsolService – Enter Global Administrator Credential
3) Run get-MsolDomain and you will find that your domain is federated:
4) Convert-MsolDomainToStandard -DomainName Pelegit.co.il -PasswordFile C:\1.TXT -SkipUserConversion $true (The file won’t created):
5) Set-MsolDomainAuthentication -DomainName Pelegit.co.il -Authentication Managed
6) Get-MsolDomains:

In my case I would not skip the user conversion and set a new password for all users.

Can someone tell me if the conversion won't harm any data saved for the users in mailbox, the cloud and teams?

regards
Roland

azure-ad-connectadfs
· 1
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

@RolN-4751 , I believe in your case the customer have decommissioned the on-premise environment and since there is no on-prem DC so there is no need for syncing users to azure AD and you can convert the domain from federated to standard domain in your azure AD tenant . The steps you have mentioned are correct. In this case you will not see any issues with mailbox and cloud data etc. because this change is only for custom domain and it does not change the user account . this affects the authentication systems only and not the other services. The UPN of user would not change from what I understand from your details and it should not cause any issue. Let me know if you still need any help on this and we can help you further .

0 Votes 0 ·

0 Answers