Forum Discussion
Robert Lien (Brass Contributor)
Apr 19, 2021
azure ad hash sync
Hello,
I plan to do a hash sync as a test from a single OU. But if I find that I would prefer to stay separate and manage fully in the cloud, is it a good practice and OK to remove Azure AD hash sync after it's been put in place?
If I do remove/uninstall hash sync, are the objects in the cloud simply marked as mastered in Azure?
Thank you
- ibnmbodji (Steel Contributor)
Hi,
Password hash sync is just an authentication method. If you are not satisfied with it you can simply migrate to another one. You will need to do some planning to be able to do that.
You can use Azure AD Connect to switch the sign-in method from password hash synchronization to Pass-through Authentication, for example. If you do that, Pass-through Authentication becomes the primary sign-in method for your users in managed domains. Keep in mind that all users' password hashes which were previously synchronized by password hash synchronization remain stored on Azure AD. So if you don't want that you will probably ask them to change their password to have new hashes.
https://docs.microsoft.com/en-us/azure/active-directory/hybrid/how-to-connect-password-hash-synchronization
https://docs.microsoft.com/en-us/azure/active-directory/hybrid/how-to-connect-sync-whatis
- Robert Lien (Brass Contributor)
Hi,
So I am actually asking if it's OK to remove Azure AD Connect, once I have tested it. This would mean that there would no longer be a sync of objects and attributes between local and Azure, as you know.
I just don't know if the removal of Azure AD Connect can cause any side effects of things left over.
Thanks.
- ibnmbodji (Steel Contributor)
No side effects in the on-premises directory. You will just have to turn off dir sync by using PowerShell and do some cleanup in AD. You will probably need to do some cleanup in the AAD tenant for cloud objects.
https://docs.microsoft.com/en-us/microsoft-365/enterprise/turn-off-directory-synchronization?view=o365-worldwide
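
The "turn off dir sync by using PowerShell" step from the reply above, as an added example that is not part of the original thread. It assumes the MSOnline module (current when this thread was written; Microsoft has since moved tenants to Microsoft Graph PowerShell) and a Global Administrator sign-in; the CSV file names are hypothetical.

```powershell
# Added example, not from the thread. Assumes the MSOnline module is installed
# and the account signing in is a Global Administrator of the test tenant.
Import-Module MSOnline
Connect-MsolService

# 1. Record the tenant's sync state before changing anything.
$before = Get-MsolCompanyInformation
"DirSync enabled       : $($before.DirectorySynchronizationEnabled)"
"Password sync enabled : $($before.PasswordSynchronizationEnabled)"
"Last directory sync   : $($before.LastDirSyncTime)"

# 2. Inventory the users currently sourced from on-premises AD, so there is
#    a record of which cloud objects came from the test OU.
#    (File name is a hypothetical placeholder.)
Get-MsolUser -All -Synchronized |
    Select-Object UserPrincipalName, ImmutableId, LastDirSyncTime |
    Export-Csv -Path .\synced-users-before.csv -NoTypeInformation

# 3. Turn off directory synchronization for the whole tenant.
#    -Force suppresses the confirmation prompt.
Set-MsolDirSyncEnabled -EnableDirSync $false -Force

# 4. The change is not instant. Re-check the flag later rather than
#    assuming it took effect immediately.
$after = Get-MsolCompanyInformation
"DirSync enabled (after): $($after.DirectorySynchronizationEnabled)"

# 5. Cleanup review: list users still flagged as synchronized. This list
#    should shrink to empty as the tenant converts them to cloud-managed
#    objects; anything left over is a candidate for the AAD cleanup
#    mentioned in the reply.
Get-MsolUser -All -Synchronized |
    Select-Object UserPrincipalName, ImmutableId, LastDirSyncTime |
    Export-Csv -Path .\synced-users-after.csv -NoTypeInformation
```

Turning off dir sync does not delete the password hashes already stored in Azure AD, which is the point made earlier in the thread; users need to change their passwords for new hashes to replace them.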