If your organization has decided to discontinue the use of on-premises Active Directory (AD) due to a complete migration to the cloud, you might be concerned about how to transition synchronized users to cloud-only accounts without impacting their access to Microsoft 365 services. This article will guide you through the process of converting synced users to cloud-only users, ensuring that there is no disruption to their mailbox, SharePoint, OneDrive, Teams, or other SaaS application access.
Introduction
In scenarios where an on-premises AD no longer has any dependencies, organizations may choose to fully embrace the cloud by converting their synchronized users in Microsoft Entra ID (formerly Azure AD) to cloud-only users.
This migration can be seamlessly achieved using the Entra ID Connect synchronization service, ensuring that users retain uninterrupted access to all Microsoft 365 workloads and cloud-based applications.
Step-by-Step Guide to Disabling Microsoft Entra ID Synchronization
The following steps will walk you through the process of disabling Entra ID synchronization using PowerShell to connect to your Microsoft 365 tenant:
- Prepare the Environment:
- Ensure that your on-premises AD no longer has dependencies that require synchronization with Microsoft 365.
- Verify that all workloads have been successfully migrated to the cloud and that all users can access their necessary applications and services.
- Install the Required PowerShell Modules:
- Open PowerShell as an administrator.
- Install the Azure AD module using the following command
Install-Module AzureAD
- Install the MSOnline module (optional but recommended) using the following command
Install-Module MSOnline
- Connect to Your Microsoft 365 Tenant:
- Use the following command to connect to your Microsoft 365 tenant
Connect-MsolService
- Use the following command to connect to your Microsoft 365 tenant
- You will be prompted to enter your Global Administrator credentials.
- Disable Directory Synchronization:
- To disable directory synchronization, run the following command
Set-MsolDirSyncEnabled -EnableDirSync $false
- To disable directory synchronization, run the following command
- This command stops the synchronization between your on-premises AD and Microsoft Entra ID.
- Verify Synchronization Status:
- Check the synchronization status to confirm that directory synchronization has been disabled
(Get-MsolCompanyInformation).DirectorySynchronizationEnabled
- The output should return
False
, indicating that synchronization is disabled.
- Check the synchronization status to confirm that directory synchronization has been disabled
- Convert Synchronized Users to Cloud-Only Users:
- After disabling synchronization, Microsoft Entra ID will automatically convert the synchronized users to cloud-only users.
- These users will retain their access to all Microsoft 365 services, including their mailboxes, SharePoint, OneDrive, Teams, applications, and groups.
Conclusion
By following these steps, you can successfully transition from an on-premises AD to a fully cloud-based environment without impacting user access to Microsoft 365 services.
The process ensures that all synchronized users are smoothly converted to cloud-only users, allowing your organization to operate entirely in the cloud.
This migration process is essential for organizations looking to streamline their identity management by eliminating the need for on-premises infrastructure.
With the power of Microsoft Entra ID and careful planning, you can ensure a seamless transition for your users.
Need Assistance?
If you need any help with your migration or have questions about the process, feel free to reach out. I’m here to assist you with all your Microsoft 365 security and compliance needs.
support@ngcloudsecurity.com