Deleted
Oct 14, 2021

Separate On-Prem Account from Synced Office 365 Account

Hi, I have a company that has some users that are on-prem, and have an account in Active Directory. This company ALSO has a lot of mobile users that do NOT have/need an on-prem Active Directory account, but they do have an Office 365 account. (I'm not sure this is an optimal setup, but it is what it is for now.)

There is a user that no longer needs an on-prem AD account, but she needs to keep her Office 365 account.  Is there any way I can delete her on-prem account, and have it not 'break' her Office 365 account?  Essentially, I need to separate her from the on-prem AD, but keep her Office 365 account working properly.

Thanks for any advice

  • The only supported way to do this is to disable dirsync, move her user outside of the sync scope, re-enable dirsync. A faster, albeit unsupported method is to temporarily delete the account in Office 365 then recover it from the Recycle bin therein. Once that's done, the account is considered a "disconnector" and you can remove the on-premises user. But again, not a supported scenario, use at your own risk.
    • Deleted

      Thanks, that's awesome.

      The first option you mentioned seems by far the most efficient, and almost 'too easy'.

      I could easily move that user account out of the OU that is being synchronized.

      Then, presumably the account could be deleted.

      Why do I have to disable dirsync as part of this process, as opposed to simply moving the account to a non-synchronized OU? Sorry if that is a dumb question - I'm new to this process.

      VasilMichev 

      • Just moving the object to a different (out of scope) OU won't break the link with O365; in fact, it will result in the O365 object being deleted. And to "break the link", the only supported method is disabling dirsync altogether.
