Uninstall Azure AD Connect
In this article, we will uninstall Azure AD Connect. The organization no longer uses Azure AD Connect to sync AD objects between on-premises AD and Microsoft Entra ID because the servers have moved to the cloud, so it is time to remove it. We will look at how to remove Azure AD Connect from the server.
Locate Azure AD Connect server
Before you start, you must know on which server the Azure AD Connect software is installed. That’s because you must sign in on the server to proceed further with disabling synchronization and uninstalling the software.
Read the article How to find Azure AD Connect server.
Turn off directory synchronization
Disable directory synchronization in two places:
- On-premises AD
- Microsoft Entra ID
Important: If you migrated Azure AD Connect to a new server and now want to uninstall Azure AD Connect, skip the steps to turn off directory synchronization because you still need it. Only follow the steps at the end to uninstall Azure AD Connect.
Turn off directory synchronization in on-premises AD
Sign in to the Windows Server where you have Azure AD Connect installed and configured.
Start PowerShell as administrator and run the Import-Module cmdlet to load the ADSync module.
Import-Module ADSync
Run the Set-ADSyncScheduler cmdlet to stop the synchronization.
Set-ADSyncScheduler -SyncCycleEnabled $false
Check that on-premises directory synchronization is disabled.
Get-ADSyncScheduler | ft SyncCycleEnabled
The value False should appear.
SyncCycleEnabled
----------------
False
Turn off directory synchronization in Microsoft Entra ID
Start Windows PowerShell as administrator and install the Microsoft Graph PowerShell module.
Install-Module Microsoft.Graph -Force
Install-Module Microsoft.Graph.Beta -AllowClobber -Force
Important: Always install the Microsoft Graph PowerShell and Microsoft Graph Beta PowerShell modules. That’s because some cmdlets are not yet available in the final version, and they will not work. Update both modules to the latest version before you run a cmdlet or script to prevent errors and incorrect results.
Now, connect to Microsoft Graph PowerShell with the correct permissions.
Connect-MgGraph -Scopes "Organization.ReadWrite.All"
Turn off directory synchronization and convert your on-premises synchronized users to cloud-only. Run the Update-MgBetaOrganization cmdlet to stop the synchronization.
$OrgID = (Get-MgOrganization).Id
$params = @{
    onPremisesSyncEnabled = $false
}
Update-MgBetaOrganization -OrganizationId $OrgID -BodyParameter $params
Note: It may take up to 72 hours to complete deactivation once you have disabled on-premises directory synchronization through this cmdlet. The time depends on the number of objects that are in your cloud service subscription account. You cannot cancel the disable action. It needs to be completed before you can take any other action, including re-enabling on-premises directory synchronization. If you choose to re-enable on-premises directory synchronization, a full synchronization of your synced objects will happen. This may take a considerable time, depending on the number of objects in your Active Directory.
Check that on-premises directory synchronization is disabled in Microsoft Entra ID.
Get-MgOrganization | Select-Object DisplayName, OnPremisesSyncEnabled
The OnPremisesSyncEnabled property should appear as a null (empty) value.
DisplayName OnPremisesSyncEnabled
----------- ---------------------
EXOIP
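Because the disable action cannot be cancelled and can take up to 72 hours, it helps to record which users are synced before running Update-MgBetaOrganization and to rerun the same check afterwards. The script below is an added example, not part of the original article; the read-only scopes and the baseline file location are assumptions.

```powershell
# Added example: audit which users are still directory-synced.
# Assumed read-only scopes; $baselinePath is a hypothetical location.
Connect-MgGraph -Scopes "Organization.Read.All", "User.Read.All"
$baselinePath = Join-Path $env:USERPROFILE "entra-sync-baseline.csv"

function Get-SyncSnapshot {
    # Tenant-level sync flag and last sync time
    $org = Get-MgOrganization
    # Users that Entra ID still marks as synced from on-premises AD
    $users = Get-MgUser -All -Filter "onPremisesSyncEnabled eq true" `
        -Property Id, UserPrincipalName, AccountEnabled, OnPremisesLastSyncDateTime |
        Select-Object Id, UserPrincipalName, AccountEnabled, OnPremisesLastSyncDateTime
    [pscustomobject]@{
        Tenant      = $org.DisplayName
        TenantSync  = $org.OnPremisesSyncEnabled
        LastSync    = $org.OnPremisesLastSyncDateTime
        SyncedUsers = @($users)
    }
}

$snap = Get-SyncSnapshot
if (-not (Test-Path $baselinePath)) {
    # First run, before Update-MgBetaOrganization: keep the list as evidence
    $snap.SyncedUsers | Export-Csv -Path $baselinePath -NoTypeInformation
    "Baseline saved: {0} synced users, last sync {1}" -f $snap.SyncedUsers.Count, $snap.LastSync
}
else {
    # Later runs: which baseline users are still flagged as synced?
    $baseline  = @(Import-Csv -Path $baselinePath)
    $remaining = @($baseline | Where-Object { $_.Id -in $snap.SyncedUsers.Id })
    "Tenant sync flag: '{0}'. Converted {1} of {2} users." -f $snap.TenantSync,
        ($baseline.Count - $remaining.Count), $baseline.Count
    $remaining | Select-Object UserPrincipalName
}
```

Keep the baseline CSV with the change record; it lists the accounts whose source of authority moved from on-premises AD to the cloud.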
Uninstall Azure AD Connect from server
To uninstall Azure AD Connect from the server, follow these steps:
1. Click on Start > Control Panel > Programs and Features.
2. Click on Microsoft Azure AD Connect and press on Uninstall.
Note: The wizard will uninstall the supporting components: Microsoft Azure AD Connect Health agent for sync, Microsoft Azure AD Connect synchronization services, and Microsoft SQL Server.
3. The Uninstall Azure AD Connect wizard shows up. Check the checkbox Also uninstall supporting components. Click Remove.
4. Give it a couple of minutes, and you will see the green checkmarks. Azure AD Connect is successfully uninstalled. Click Exit.
5. Verify that Azure AD Connect is removed from the Programs and Features list.
6. Start File Explorer. Go to C:\Program Files. Right-click the Microsoft Azure AD Sync folder and click Delete to remove it.
7. In File Explorer, navigate to the C:\Users folder. Remove the ADSyncMSA_ folders. You may see folders with the prefix AAD_. If so, remove these as well. Read more information about the ADSync service account.
Azure AD Connect is successfully removed. Did this help you to remove Azure AD Connect from server?
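Steps 5 to 7 can be verified in one pass with a read-only check. This is an added example, not from the original article; it only looks for the program names, service and folders mentioned above and assumes an elevated PowerShell session on the former sync server.

```powershell
# Added example: read-only check for Azure AD Connect leftovers after the uninstall.
$uninstallKeys = "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*",
                 "HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*"
$syncDir = "C:\Program Files\Microsoft Azure AD Sync"

$findings = @(
    # Step 5: entries still registered under Programs and Features
    Get-ItemProperty -Path $uninstallKeys -ErrorAction SilentlyContinue |
        Where-Object { $_.DisplayName -like "Microsoft Azure AD Connect*" } |
        ForEach-Object { [pscustomobject]@{ Type = "Program"; Item = $_.DisplayName } }

    # The synchronization service (service name ADSync) should be gone
    Get-Service -Name ADSync -ErrorAction SilentlyContinue |
        ForEach-Object { [pscustomobject]@{ Type = "Service"; Item = "$($_.Name) ($($_.Status))" } }

    # Step 6: program folder
    if (Test-Path $syncDir) {
        [pscustomobject]@{ Type = "Folder"; Item = $syncDir }
    }

    # Step 7: profile folders of the sync service accounts
    Get-ChildItem -Path "C:\Users" -Directory -Force -ErrorAction SilentlyContinue |
        Where-Object { $_.Name -like "ADSyncMSA_*" -or $_.Name -like "AAD_*" } |
        ForEach-Object { [pscustomobject]@{ Type = "Profile"; Item = $_.FullName } }
)

if ($findings.Count -gt 0) {
    $findings | Format-Table -AutoSize
}
else {
    "No Azure AD Connect leftovers found."
}
```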
Conclusion
You learned how to uninstall Azure AD Connect. First, disable directory synchronization in Active Directory on-premises and Microsoft Entra ID. After that, go through the Azure AD Connect uninstall wizard. Finally, delete the Azure AD Connect folders in File Explorer. You can always reinstall Azure AD Connect on the same server.
Hi Ali,
Thanks for this great tutorial. I have a question: if I uninstall Azure AD Connect, what happens to the users and groups in the on-premise AD? We have a special case where we have to use on-premise users and the MS365 users separated after the uninstall.
Thanks
David
Thanks for the great write up.
Do you happen to know whether it’s possible to stop synchronizing an individual user? I have a case where some users will be migrating to a new tenant but before doing so, I want to stop sync’ing these users with my on-prem AD.
We have AD Sync connect on a Windows 2008R2 server which no longer syncs to Azure/365. We are unable to fix the issue and syncing has completely stopped. What is the best method left for me to convert all live users with a 365 subscription from on-premise accounts to cloud accounts?
Hi Ali,
We have the same situation: moving from on-prem to Azure AD and being serverless.
Once I stop the local sync, all “On-premises sync enabled objects should change from Yes to No” in Azure AD.
Also moving forward, I will have to create all accounts in Azure AD. Is this statement correct?
The catch is, we want Okta to be the profile master and push all accounts to O365, Microsoft Entra ID.
Can you kindly advise?
That’s correct.
Thanks for the guide. Really Helpful
Hi,
I would like to make sure: by uninstalling Azure Sync Tool / Azure Connect, it will unsync between Azure AD and on-premise AD.
1. Will my accounts with Business Standard for mailbox and OneDrive be deleted, because in admin.microsoft.com the sync status for each user is “sync from on-premises”?
2. Will I get the ability to reset the password on the user side? As of now, all of my users cannot reset their password on their own and need my help as an admin.
1. No, the accounts will stay and will not be deleted. The status will change from “Synced from on-premises” to “In cloud”.
2. If you have a hybrid deployment or cloud-only, you can configure that users can reset their passwords. Read more in the article Enable Self-Service Password Reset.
Hello Ali
This is a great guide. Thank you very much.
Just once again to be sure, already synched Accounts (based on On-Premise) will not be deleted in M365?
We had a Server Crash and we cannot restore from a Backup. So we would like to delete the Synch to just use Azure and no more On-Premise.
Thank you for your help!
Greetings from Switzerland
Hi Martin,
No, it will not delete the objects in the cloud.
However, you must “Turn off directory synchronization in Microsoft Entra ID” (shown in the article). So you need to connect to Microsoft Entra ID with PowerShell and disable directory synchronization.
Note that it may take 72 hours for the deactivation to be completed.
After that, you’re all set.
Thank you very much for your Time.
I just deactivated following your article.
I will see in some hours if it works.
I would be glad to donate a little amount if you have a PayPal or something.
Just as a small Thank you.
Hey, thanks for this. I’ve successfully migrated AAD Connect to a new server – everything is syncing great and reporting healthy (thanks for that migration guide). On the old server, AAD Connect and all components have been uninstalled via the Control Panel. I am now receiving “unhealthy” notifications from Azure Connect Health referencing the old server. Can you please advise how best to clean this up, without impacting the new configuration? Thanks.
The Microsoft Entra admin center should automatically remove the AAD Connect server after uninstalling the AAD Connect software. If that doesn’t happen, you get these notifications.
You can sign in to the Microsoft Entra admin center and navigate to the Microsoft Entra Connect Sync section. It will show the new AAD Connect server as healthy, and the old AAD connect server as unhealthy. Remove the old AAD Connect server.
Just want to double-check, so before removing Azure ADC we would need to ensure that new user objects were created in Microsoft Entra ID as the sync’d objects would not really be useful going forward.
Would this be a fair statement?
Thanks in advance
Hi Ali, Thanks for the article.
So after removing the Azure AD Connect – we can change password, make changes to user accounts, groups in M365 directly right?
As with Azure AD Connect in place we cannot make changes to M365, all changes get synced from local AD.
Thanks,
Jatin
Hi Jatin,
That’s correct. As long as your AD (Authority) is on-premises, you should keep Azure AD Connect and manage everything on-premises.
Suppose there is no need anymore to manage users from on-premises and no longer require directory synchronization or password synchronization. In that case, you can uninstall Azure AD Connect and manage everything in Microsoft 365.
Awesome guide!
Thanks for sharing.
Thanks for the tutorial Ali, great content.