Turn off directory synchronization
You can use PowerShell to turn off directory synchronization and convert your synchronized users and groups to cloud-only. However, it isn’t recommended that you turn off directory synchronization as a troubleshooting step.
If your goal is to permanently disable synchronization in the tenant, first uninstall the synchronization client (such as Connect Sync or Cloud Sync). If you disable synchronization before uninstalling the sync client, the Entra ID portal might show directory synchronization as disabled while optional features such as Password Hash Synchronization still show as enabled. This shouldn’t cause any issues, because the optional feature doesn’t work while directory synchronization is disabled, but it can lead to an unexpected status in the portal.
```powershell
# Install v1.0 and beta Microsoft Graph PowerShell modules
Install-Module Microsoft.Graph -Force
Install-Module Microsoft.Graph.Beta -AllowClobber -Force
# Connect With Hybrid Identity Administrator Account
Connect-MgGraph -scopes "Organization.ReadWrite.All,Directory.ReadWrite.All"
# Verify the current status of the DirSync Type
Get-MgOrganization | Select OnPremisesSyncEnabled
# Store the Tenant ID in a variable named organizationId
$organizationId = (Get-MgOrganization).Id
# Store the False value for the DirSyncEnabled Attribute
$params = @{
onPremisesSyncEnabled = $false
}
# Perform the update
Update-MgOrganization -OrganizationId $organizationId -BodyParameter $params
# Check that the command worked
Get-MgOrganization | Select OnPremisesSyncEnabled
```

If you use this command, you must wait 72 hours before you can turn directory synchronization back on. This process will clear the following on-premises properties:
- DnsDomainName
- NetBiosName
- OnPremisesDistinguishedName
- OnPremisesSamAccountName
- OnPremisesUserPrincipalName
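
Because these properties are cleared and synchronization cannot be turned back on for 72 hours, it is worth keeping a record of them before running the update. The following is an added example, not part of the original procedure: it exports the on-premises attributes of synchronized users to a CSV file. It assumes an existing `Connect-MgGraph` session with directory read access; the output file name is hypothetical, and the mapping from the property names listed above to Microsoft Graph user properties (for example `onPremisesDomainName` for DnsDomainName) is an assumption.

```powershell
# Added example: snapshot on-premises attributes of synced users BEFORE disabling sync.
# Assumes Connect-MgGraph has already been run with directory read access.

# Hypothetical output path chosen for this example
$outFile = Join-Path $PWD ("synced-users-{0:yyyyMMdd-HHmmss}.csv" -f (Get-Date))

# Record the tenant-level sync state alongside the snapshot
$org = Get-MgOrganization |
    Select-Object Id, OnPremisesSyncEnabled, OnPremisesLastSyncDateTime
Write-Host ("Tenant {0}: sync enabled = {1}, last sync = {2}" -f `
    $org.Id, $org.OnPremisesSyncEnabled, $org.OnPremisesLastSyncDateTime)

# Graph user properties assumed to hold the on-premises values listed above
$props = @(
    'id', 'userPrincipalName', 'onPremisesSyncEnabled',
    'onPremisesDomainName', 'onPremisesDistinguishedName',
    'onPremisesSamAccountName', 'onPremisesUserPrincipalName',
    'onPremisesImmutableId'
)

# Only users currently sourced from on-premises Active Directory
$synced = @(Get-MgUser -All -Filter 'onPremisesSyncEnabled eq true' `
    -ConsistencyLevel eventual -CountVariable syncedCount -Property $props |
    Select-Object $props)

if ($synced.Count -eq 0) {
    Write-Warning 'No synchronized users returned; nothing to snapshot.'
}
else {
    $synced | Export-Csv -Path $outFile -NoTypeInformation -Encoding UTF8
    Write-Host ("Saved {0} synchronized users to {1}" -f $synced.Count, $outFile)

    # Flag rows where an attribute is already empty, so a later comparison
    # does not mistake a pre-existing gap for a value cleared by the update
    $gaps = @($synced | Where-Object {
        -not $_.onPremisesSamAccountName -or -not $_.onPremisesDistinguishedName
    })
    if ($gaps.Count -gt 0) {
        Write-Warning ("{0} users already lack one or more on-premises attributes" -f $gaps.Count)
    }
}
```

Running the same query after the update gives a second file to compare against the snapshot when confirming which accounts were converted to cloud-only.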


