How to Remove On-Premises Directory Synchronization Service Account

Uninstalling the Microsoft Entra Connect Sync software left us with the On-Premises Directory Synchronization Service Account in Microsoft 365. Usually, the service account automatically gets removed. But this time it didn’t. The problem is that it shows it’s synced from on-premises and grayed out to delete. In this article, you will learn how to remove the On-Premises Directory Synchronization Service Account from Microsoft 365.

Introduction

The Microsoft Entra Connect Sync install wizard creates the On-Premises Directory Synchronization Service Account by default.

Read more about the service account:

• Find Azure AD Connect accounts
• Change Azure AD Connector account

When you uninstall Microsoft Entra Connect Sync uninstallation, it can keep the service account in Microsoft 365. It’s also possible that the Microsoft Entra Connect Sync server failed to boot anymore, meaning it’s impossible to run the uninstall wizard, so the service account remains in Microsoft 365.

Check On-Premises Directory Synchronization Service Account in Microsoft 365

1. Sign in to Microsoft 365 admin center
2. Click on Users > Active Users
3. Search for sync
4. Find the On-Premises directory synchronization service account
5. Click on the more action icon

The problem is that the Delete user is grayed out, which means you cannot remove it.

Note: The On-Premises Directory Synchronization Service Account appears as a synced from on-premises user account. But you will not find it in the on-premises Active Directory.

So, what is the solution, and how do we remove the On-Premises Directory Synchronization Service Account from Microsoft 365?

Remove On-Premises Directory Synchronization Service Account

Two methods exist to remove the On-Premises Directory Synchronization Service Account from Microsoft 365. Let’s look at both of the solutions.

Method 1. Microsoft Entra admin center

To remove the On-Premises Directory Synchronization Service Account from Microsoft 365 in Microsoft Entra admin center, follow these steps:

1. Sign in to Microsoft Entra admin center
2. Click on Identity > Users > All Users
3. Right-click the On-Premises Directory Synchronization Service Account
4. Click Delete

Method 2. PowerShell

To remove the On-Premises Directory Synchronization Service Account from Microsoft 365 with Microsoft Graph PowerShell, follow the steps below:

1. Start Windows PowerShell as administrator and Install Microsoft Graph PowerShell module.

Install-Module Microsoft.Graph -Force

Install-Module Microsoft.Graph.Beta -AllowClobber -Force

Important: Always install the Microsoft Graph PowerShell and Microsoft Graph Beta PowerShell modules. That’s because some cmdlets are not yet available in the final version, and they will not work. Update both modules to the latest version before you run a cmdlet or script to prevent errors and incorrect results.

2. You must Connect to Microsoft Graph PowerShell with the correct permissions.

Connect-MgGraph -Scopes "User.ReadWrite.All"

3. Run the Remove-MgUser cmdlet to delete the On-Premises Directory Synchronization Service Account from Microsoft 365.

Remove-MgUser -UserId "Sync_DC01-2019_d5d79537b1b8@exoip365.onmicrosoft.com"

4. Verify that the user is successfully removed with the Get-MgUser cmdlet.

Get-MgUser -UserId "Sync_DC01-2019_d5d79537b1b8@exoip365.onmicrosoft.com"

That’s it!

Read more: Disable Active Directory synchronization in Microsoft Entra ID »

Conclusion

You learned how to remove the On-Premises Directory Synchronization Service Account from Microsoft 365. There are two methods to complete the task. The solution is to remove the service account from Microsoft Entra admin center or with Microsoft Graph PowerShell. Both are perfectly fine.

Did you enjoy this article? You may also like How to enable Group Writeback in Microsoft Entra Connect Sync. Don’t forget to follow us and share this article.