There are situations where Directory Sync from on-premises to Office 365 needs to be stopped. Generally, this happens when you want your objects to be managed in Office 365, or when you have an email cutover from one Office 365 tenant to another and don’t want to sync objects from the source Office 365 tenant, for easier manageability.

I would suggest disabling Directory Sync one or two days before the change. It is also suggested to perform Password Hash Sync, so that if you switch back from a federated domain to a managed one, it won’t cause sudden issues for end users.

This needs to be done at least 1-2 days before because Microsoft sometimes doesn’t allow changes to the Azure AD Connect server for up to 72 hours if other changes have been made, and that may affect the scheduled change.

NOTE: Log in to the Azure AD Connect server of the source Office 365 tenant before you make these changes. To be on the safe side, you need to stop the services once the command below runs successfully.

Run this on the Azure AD Connect server of your source tenant and log in with Global Administrator credentials:

Import-Module ADSync

Connect-MsolService

Set-MsolDirSyncEnabled -EnableDirSync $false

Now quickly stop these services on the AD Connect server:

  • Azure AD Connect Health Sync Insights Service
  • Azure AD Connect Health Sync Monitoring Service
  • Microsoft Azure AD Sync

This will take effect within the next few minutes, and you will see in the cloud that DirSync has been disabled.

 


You can run the command below to verify that Azure AD Connect Sync has been stopped in Office 365.

(Get-MSOLCompanyInformation).DirectorySynchronizationEnabled
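The whole procedure above as one script, with checks around each step. This is an added example, not code from the original post. It assumes an elevated PowerShell session on the Azure AD Connect server with the ADSync and MSOnline modules installed; the wait for a running sync cycle, the PasswordSynchronizationEnabled check and the 15-minute polling limit are additions chosen here.

```powershell
# Added example: run on the source tenant's Azure AD Connect server.
Import-Module ADSync
Connect-MsolService   # sign in with Global Administrator credentials

# Record the tenant state before the change, including whether
# Password Hash Sync is on (the post recommends having it in place).
Get-MsolCompanyInformation |
    Format-List DirectorySynchronizationEnabled, PasswordSynchronizationEnabled, LastDirSyncTime

# Extra check (assumption): do not cut sync off in the middle of a cycle.
while ((Get-ADSyncScheduler).SyncCycleInProgress) {
    Write-Host 'Sync cycle in progress, waiting 30 seconds...'
    Start-Sleep -Seconds 30
}

# The command from the post; it prompts for confirmation.
Set-MsolDirSyncEnabled -EnableDirSync $false

# Stop the three services, looked up by the display names the post lists.
$services = 'Azure AD Connect Health Sync Insights Service',
            'Azure AD Connect Health Sync Monitoring Service',
            'Microsoft Azure AD Sync'
foreach ($name in $services) {
    $svc = Get-Service -DisplayName $name -ErrorAction SilentlyContinue
    if (-not $svc) { Write-Warning "Service not found: $name"; continue }
    if ($svc.Status -ne 'Stopped') { Stop-Service -InputObject $svc -Force }
    '{0}: {1}' -f $name, (Get-Service -DisplayName $name).Status
}

# Poll the tenant until it reports DirSync as disabled.
$deadline = (Get-Date).AddMinutes(15)   # assumed limit
do {
    $enabled = (Get-MsolCompanyInformation).DirectorySynchronizationEnabled
    if (-not $enabled) { break }
    Start-Sleep -Seconds 60
} while ((Get-Date) -lt $deadline)

if ($enabled) { Write-Warning 'Tenant still reports DirSync as enabled.' }
else          { Write-Host 'DirSync is disabled in the tenant.' }
```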

Please let me know if you need any assistance with these steps, and please Slack me once you are done with the change.

Thank you for reading!

 
