Forum Discussion
Bulk change users from synced to cloud only
Hi Vasil,
Thanks for your reply. Am I correct that these would be the steps to follow?
1) Disable DirSync via Set-ADSyncScheduler -SyncCycleEnabled $false
2) Clear the immutableIDs of the accounts via Set-MSOLUser -UserPrincipalName username -ImmutableID "$null"
3) Run Azure AD Connect setup and remove the domain from the config
4) Re-enable the sync scheduler and run a full sync
Expected result: all accounts are now cloud accounts and have retained their last known password with no impact on user experience (no need to re-sign in in the Outlook client, other Office apps or the Outlook mobile app on Android).
Kind regards
Steve
No, step 1 should be to disable DirSync on the O365 side. Whether it's enabled on the AAD Connect server makes no difference.
- Steve Hernou, Apr 12, 2018, Iron Contributor
Oh wow that's quite an impact then seeing as this applies to about 50 users out of almost 2000... :-)
Also, if I am not mistaken, you need to wait 72 hours to be sure it's really off and then re-enable it, which can also, in theory, take up to 72 hours.
I tried the other way, to delete the user via O365 portal but system refuses since the account is still labeled 'synced with active directory'. The O365 portal tells me to delete user from on-prem AD which would be pointless since I can no longer reach that company's on-prem AD.
Would it work if I do it via PowerShell?
- VasilMichev, Apr 13, 2018, MVP
The 72h is what it will take in large organizations with hundreds of thousands of users; in general it should be much faster. But it's still something to keep in mind.
And yes, PowerShell will allow you to delete the users (Remove-MsolUser). You can restore them from either the portal or PowerShell. Did I mention that this workaround is in no way supported by Microsoft? :)
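
Added example, not part of the thread or written by either poster: a read-only inventory to run before trying either approach discussed above, recording the tenant-side DirSync state and each target account's ImmutableId so the original values are on file. It assumes the MSOnline module with an existing Connect-MsolService session; the file names are hypothetical.

```powershell
# Added example: read-only inventory taken before any change is made.
# Assumes the MSOnline module and an existing Connect-MsolService session.
# $UpnListPath and $BackupPath are hypothetical file names.
param(
    [string]$UpnListPath = '.\users-to-convert.txt',   # one UPN per line
    [string]$BackupPath  = '.\immutableid-backup.csv'
)

# Tenant-side DirSync state (the "O365 side"), separate from the AAD Connect scheduler.
$company = Get-MsolCompanyInformation
Write-Host "Tenant DirSync enabled: $($company.DirectorySynchronizationEnabled)"
Write-Host "Last tenant sync      : $($company.LastDirSyncTime)"

$upns = Get-Content -Path $UpnListPath |
    ForEach-Object { $_.Trim() } |
    Where-Object { $_ }

$report = foreach ($upn in $upns) {
    $user = Get-MsolUser -UserPrincipalName $upn -ErrorAction SilentlyContinue
    if (-not $user) {
        # Typo in the list or account already removed: record it, change nothing.
        [pscustomobject]@{
            UserPrincipalName = $upn; Found = $false; ObjectId = $null
            ImmutableId = $null; LastDirSyncTime = $null; Synced = $null
        }
        continue
    }
    [pscustomobject]@{
        UserPrincipalName = $user.UserPrincipalName
        Found             = $true
        ObjectId          = $user.ObjectId
        ImmutableId       = $user.ImmutableId      # source anchor of the on-prem object
        LastDirSyncTime   = $user.LastDirSyncTime
        Synced            = [bool]$user.LastDirSyncTime   # treated here as the synced marker
    }
}

# Keep the CSV: it is the record of the original ImmutableId values.
$report | Export-Csv -Path $BackupPath -NoTypeInformation -Encoding UTF8

$report | Group-Object Found, Synced |
    Select-Object Name, Count |
    Format-Table -AutoSize
```

Running it again after a change and comparing the Synced column with the saved CSV shows which accounts actually switched to cloud-only.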