How to disable Entra Connect Sync

  • This topic is empty.
  • Post
    • January 1, 2025 at 7:22 am
    Weekend Wiki
    Keymaster
    Disabling Entra Connect Sync (formerly Azure AD Connect) stops the synchronization of objects between your on-premises Active Directory and Microsoft Entra ID (Azure AD). Below is a step-by-step guide to safely disable Entra Connect Sync.

    Steps to Disable Entra Connect Sync

    Step 1: Verify Admin Permissions

    Ensure you have:

    • Global Administrator permissions in Microsoft Entra ID.
    • Enterprise Admin or Domain Admin rights for your on-premises Active Directory.

    Step 2: Disable Directory Synchronization in Microsoft Entra ID

    1. Sign in to Microsoft Entra Admin Center:
    2. Disable Directory Sync:
      • Open Azure Active Directory > Users.
      • Click Manage > Azure AD Connect.
      • Click Manage tenant settings.
      • Locate the Directory Sync section and select Disable Directory Sync.
    3. Confirm the Action:
      • A warning message will appear. Confirm your decision to disable directory synchronization.
    4. Wait for Changes to Propagate:
      • It may take up to 72 hours for the change to take effect. During this time, synchronization stops.

    Step 3: Disable Synchronization on the Entra Connect Server

    Once you’ve disabled directory sync in the Entra Admin Center, stop Entra Connect Sync on the server.

    1. Log in to the Entra Connect Server:
      • Sign in to the server running Azure AD Connect.
    2. Launch PowerShell as Administrator:
      • Open PowerShell with administrative privileges.
    3. Run the Stop-Sync Command:
      • Use the following command to disable synchronization: 
        Set-ADSyncScheduler -SyncCycleEnabled $false
    4. Verify the Sync Status:
      • Run this command to confirm synchronization is disabled: 
        Get-ADSyncScheduler
      • Check the output for the property SyncCycleEnabled and ensure it says False.

    Step 4: Optional – Uninstall Azure AD Connect

    If you no longer need Azure AD Connect, you can uninstall it.

    1. Uninstall Azure AD Connect:
      • Go to Control Panel > Programs and Features.
      • Find Microsoft Azure AD Connect and uninstall it.
    2. Clean Up the Server:
      • Delete any remaining Azure AD Connect files or logs.

    Step 5: Verify Changes in Microsoft Entra ID

    1. Go back to the Microsoft Entra Admin Center.
    2. Verify that the synchronization status is set to Disabled.
    3. Ensure that new changes in your on-premises Active Directory are no longer reflected in Entra ID.

    Considerations Before Disabling

    1. User Authentication:
      • If users are logging in using hybrid identities (via AD Sync), you may need to reconfigure their authentication method to cloud-only.
    2. Licensing:
      • Any synchronized users will become cloud-only users after disabling sync, and licensing assignments may need to be updated.
    3. Rollback Plan:
      • Ensure you have a rollback plan in case directory synchronization needs to be re-enabled.
    4. Access to the Entra Admin Center:
      • If you disable sync, but no cloud-admin accounts exist in your tenant, you may lose access. Ensure you have at least one Global Administrator account that is cloud-only.

    By following these steps, you can safely disable Entra Connect Sync while minimizing any disruptions to your environment. Let me know if you’d like assistance with any specific step!

  • You must be logged in to reply to this topic.
en_USEnglish
arArabic en_USEnglish