Office 365: What happens when you disable AD Connect?
Sometimes you just wonder what happens when you do something in a system. I wasn’t entirely sure what would if I disabled Active Directory synchronisation so I did it in my lab environment just to see.
Why would you want to do this?
More and more small businesses are decommissioning their old Small Business Servers and replacing them with a NAS box or micro server and SharePoint in 365. A business of ten PC’s or less may not require Active Directory and as such don’t need a server anymore. In this case you will have to disable any existing synchronisation.
Just one thing to note: If you have an Exchange hybrid configuration, you must home all exchange mailboxes in the cloud and disable the hybrid before starting. If a user has a mailbox in Exchange it WILL NOT AUTOMATICALLY MIGRATE TO 365!
In the 365 portal click Users then Active Users and you will see your accounts have a status of ‘Synched with Active Directory’. To disable this synchronisation click Manage.
Click Deactivate to start the process.
Here we get warned that the process will take up to 72 hours and during that time we cant make any changes. Click Deactivate Now if you are happy to continue.
Now we just wait until this deactivation message disappears.
Haray, we have now disabled Active Directory synchronisation, nothing too exciting huh? This is confirmed by checking that the status of all user accounts now show ‘In Cloud’ meaning the accounts are now fully cloud managed.
At this point you will want to go through and delete all of the system accounts and other clutter you don’t need anymore. From here you essentially you have an account which is standalone and no longer knows anything about your on-premises environment.
I hope someone finds this useful or even just a little bit interesting!
30th September 2016
Just wanted to say thanks for this – you’ve saved me loads of time testing to get the right answer.
1st October 2016
Thanks for taking the time to comment Dave and glad you found it useful.If you encounter any issues let me know.
14th June 2021
Excellent !!!
5th November 2016
Many thanks, worked a treat!
12th April 2018
even in 2018 – this post was appreciated
24th October 2018
Needs to be updated for the new UI. I cannot find the deactivate options.
12th November 2018
Thanks for the useful post. What happens to users passwords?
13th November 2018
Hi Saif, They stay the same as what they were before. No change.
25th February 2019
What happens to DL’s and mail enabled security groups that are synced?
10th December 2019
Can you please answer what happens to distribution lists and mail enabled security groups? Thanks!
6th February 2020
What will happen to synced DL’s managed by AD/2010? will it also create online objects?
26th February 2020
SO now we have an issue with our user’s accounts who were part of the Hybrid Config, there is an identity issue when those users log into the workstations, they still appear as a domain user SHELLCU because of a key still containing the on-premise AD environment/domain/controller
16th April 2020
Did anyone get the answer for the security groups and the DLs ?
Thank you in advance if anyone has the answer.
26th November 2020
Hi, in the new 365 environment there is no longer a manage button for active users. Can anyone please tell me how I can deactivate AD Sync ? Thanks very much.
25th January 2022
The same here! How to get it done ir 2022??
28th May 2021
Hi, My colleagues are using the domain login the window profile. The account is dir sync to the M365 portal. May I need to change the window profile if I need to destroy the domain and using the M365 email account to log in to the window? Thnaks!
14th November 2021
For all the guys, looking for the impact of disabling sync on DL’s; the DL’s are also retained, & the status turns to Cloud Only for them as well like the Users. 🙂
19th November 2021
Any advice on how to achieve this in the newer O365 UI? I cannot find a ‘Deactivate’ option anywhere.
16th December 2021
Probably a stupid question, will the password change on the email accounts? my guess is yes at some point anyway now its controlled by Office365