Paul Bullock
Feb 01, 2017 MVP
Convert On-Prem AD Users from Office 365/Azure AD to In-Cloud accounts
Hi, we have currently set up an ADConnect Sync to Office 365, and this is working well. We would like to start converting synced accounts in Office 365/Azure AD to "In Cloud" accounts. Can you advi...
Brent Ellis
Feb 01, 2017 Silver Contributor
You could terminate the account in Active Directory (which would terminate the account in AAD/O365) after forcing a delta sync, then log in to the O365 admin center and "reactivate" / "undelete" the account and assign it a license (if it doesn't remember the license it had).
There may be other routes, but I know that should accomplish what you need.
Paul Bullock
Feb 01, 2017 MVP
Thanks Brent, I will try this out.
Paul
- Paul Bullock Feb 06, 2017 MVP
Hi
I have tried removing the user and re-adding; however, this prompts me for a new password. Is there a way to move the user account from On-Prem AD to Azure AD?
Currently the users I want are using AD Connect; however, most of the users do not need full AD accounts, just email, which is in Office 365. So we want to remove them from the local network only but keep them in Azure AD.
Any ideas?
Paul
- Matt Miceli Nov 07, 2017 Copper Contributor
Brent is correct if you only need to convert a few accounts. When you recover the deleted user, it will ask you to set a new password since it is now "In Cloud" and not managed by your local AD sync.
It should also reconnect to the previously associated mailbox. You will have to provide the new temp password to your user and have them change it at first logon. If you need to convert all to cloud, then the disabling of AAD Sync is the way to go.
- Admin 365 Apr 12, 2018 Copper Contributor
Hi,
We have been using that method successfully in the past.
Weirdly, now some users get deleted and need to be recovered repeatedly (within 10-30 minutes).
Unfortunately I haven't been able to identify what made these deletions stop.
Anyone experiencing this?
Thanks
Rocky
- Willie Smit Feb 07, 2017 Copper Contributor
The authority for an AD Synced account will always be Active Directory, which means that management happens in AD. To make accounts (and that means ALL synced accounts at once) cloud managed accounts, you will need to disable directory syncing.
I have not done this so you MUST test this before implementation. Disabling and re-enabling will result in duplicate accounts. The command to use would be Set-MsolDirSyncEnabled -EnableDirSync $false.
- Jerry Meyer Feb 28, 2017 Iron Contributor
This will work just fine. When you execute the command Set-MsolDirSyncEnabled -EnableDirSync $false, you disable the Dirsync (when you execute it, it can take up to 72 hours to get it done). After this, all the users in the Office 365 tenant will keep the password they have at that moment. Visually, it just removes the column where it now says In Cloud / Synchronized with Active Directory.
When you have done this you can execute the command Get-MsolCompanyInformation to check if the sync is really gone.
*Note: Azure AD Connect is still on the server, so when you reboot that server there is a chance that the sync will be enabled.
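
The tenant-wide route discussed in this thread, written out as an added example that is not part of any poster's reply: it records which accounts are currently synced, disables directory sync, and polls until the tenant reports the change. It assumes the MSOnline module and a tenant admin sign-in; `$ExportPath` and the 15-minute polling interval are choices made for this example.

```powershell
# Added example (not from the thread). Assumes the MSOnline module is installed.
# $ExportPath is a hypothetical file name chosen for this example.
$ExportPath = ".\synced-users-before-cutover.csv"

Connect-MsolService

# 1. Record which accounts are currently sourced from on-prem AD, so the
#    change in account authority can be reviewed afterwards.
$synced = @(Get-MsolUser -All -Synchronized)
$synced |
    Select-Object UserPrincipalName, ImmutableId, LastDirSyncTime, IsLicensed |
    Export-Csv -Path $ExportPath -NoTypeInformation
Write-Host "Synced accounts recorded: $($synced.Count)"

# 2. Show the tenant-level sync state before changing anything.
$before = Get-MsolCompanyInformation
$before | Select-Object DirectorySynchronizationEnabled, PasswordSynchronizationEnabled, LastDirSyncTime

if (-not $before.DirectorySynchronizationEnabled) {
    Write-Host "Directory synchronization is already disabled."
    return
}

# 3. Disable sync for the whole tenant. This affects ALL synced accounts.
#    The cmdlet asks for confirmation because -Force is not passed.
Set-MsolDirSyncEnabled -EnableDirSync $false

# 4. The thread quotes up to 72 hours for completion, so poll until the flag
#    is cleared and no account is still reported as synchronized.
do {
    Start-Sleep -Seconds 900
    $flag      = (Get-MsolCompanyInformation).DirectorySynchronizationEnabled
    $remaining = @(Get-MsolUser -All -Synchronized).Count
    Write-Host "$(Get-Date -Format s) SyncEnabled=$flag StillSynced=$remaining"
} while ($flag -or $remaining -gt 0)

# 5. Separate step, run on the Azure AD Connect server itself (ADSync module),
#    so the scheduler does not start a sync cycle after a reboot:
#    Set-ADSyncScheduler -SyncCycleEnabled $false
```

After the cutover, passwords and account lifecycle for these users are managed only in Azure AD, so the exported CSV is the record of which accounts changed authority.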