Remove Active Directory forest from AADC

Copper Contributor

Hello,

I have a single instance of AADC setup that is syncing two separate AD forests into single tenant.

I would like to remove one of the forests from AADC, but I do not want the cloud users to be deleted. I would like them to be converted to cloud users.

Is there a process for this?

Thank you

2 Replies

Hi @Jason Gaffney 

AFAIK there is no way to prevent the (temporary) deletion of the synced objects when removing an AD forest from AAD Connect configuration.

You can, immediately after the removal, go into deleted users and restore them. At that point they will become cloud users and retain all their data, licenses, etc..

You might also want to check the deleted groups section for any groups that were affected by the AD forest removal.

Also AAD Connect has a deletion threshold to prevent accidental mass deletions. This is set by default at 500.

To remove this run Disable-ADSyncExportDeletionThreshold

After you're done, set it again via Enable-ADSyncExportDeletionThreshold -DeletionThreshold 500

@Steve Hernou 

 

 

Right, but deletion needs to be avoided as you have to reset passwords upon restoring, that's not a viable solution.

 

I have found that I was able to accomplish this by disabling ADsync in the tenant. This will convert all accounts to cloud accounts and retains passwords.

Then a clean AADC install on a new machine and soft match the needed accounts.

All accounts and password stay in tact without anything being deleted :)