cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Separate On-Prem Account from Sync' Office 365 Account

Deleted
Not applicable

‎Oct 14 2021 10:30 AM - last edited on ‎Feb 10 2023 02:36 PM by

‎Oct 14 2021 10:30 AM - last edited on ‎Feb 10 2023 02:36 PM by

Separate On-Prem Account from Sync' Office 365 Account

Hi, I have a company that has some users that are on-prem, and have an account in Active Directory.  This company ALSO has a lot of mobile users that do NOT have\need an on-prem Active Directory Account, but they do have an Office 365 account.  (I'm not sure this is optimal setup, but it is what it is for now).

There is a user that no longer needs an on-prem AD account, but she needs to keep her Office 365 account.  Is there any way I can delete her on-prem account, and have it not 'break' her Office 365 account?  Essentially, I need to separate her from the on-prem AD, but keep her Office 365 account working properly.

Thanks for any advice

Labels:
1,572 Views
0 Likes
6 Replies
Reply
6 Replies
Vasil Michev

‎Oct 14 2021 11:11 PM

‎Oct 14 2021 11:11 PM

Re: Separate On-Prem Account from Sync' Office 365 Account

The only supported way to do this is to disable dirsync, move her user outside of the sync scope, re-enable dirsync. A faster, albeit unsupported method is to temporary delete the account in Office 365 then recover it from the Recycle bin therein. Once that's done, the account is considered a "disconnector" and you can remove the on-premises user. But again, not a supported scenario, use at your own risk.
1 Like
Reply

‎Oct 17 2021 04:47 PM

‎Oct 17 2021 04:47 PM

Re: Separate On-Prem Account from Sync' Office 365 Account

Thanks, that's awesome.

The first option you mentioned seems by far the most efficient, and almost 'too easy'.

I could easily move that user account out of the OU that is being synchronized.

Then, presumably the account could be deleted.

Why do I have to disable dirsync as part of this process, as opposed to simply moving the account to a non-synchronized OU?  Sorry if that is a dumb question - I'm new to this process.

 

 

@Vasil Michev 

0 Likes
Reply
Vasil Michev

‎Oct 18 2021 08:40 AM

‎Oct 18 2021 08:40 AM

Re: Separate On-Prem Account from Sync' Office 365 Account

Just moving the object to a different (out of scope) OU won't break the link with O365, in fact it will result in the O365 object being deleted. And to "break the link", the only supported method is disabling dirsync altogether.
0 Likes
Reply

‎Oct 20 2021 07:13 AM

‎Oct 20 2021 07:13 AM

Re: Separate On-Prem Account from Sync' Office 365 Account

OK, so let me make sure I understand:
1. Moving the user out of the 'sync' OU to a 'non-sync' OU will result in the O365 object being deleted.
2. Stopping dirsync, then moving the user like in step #1, and then starting dirsync, will result in the user link being broken?

I think I am missing something but I want to confirm. Thanks so much @Vasil Michev
0 Likes
Reply
Vasil Michev

‎Oct 20 2021 09:04 AM

‎Oct 20 2021 09:04 AM

Re: Separate On-Prem Account from Sync' Office 365 Account

Yes. Technically, in scenario 2 the user will still be stamped with the ImmutableID of the on-premises object, but that's only "cosmetic".
0 Likes
Reply

‎Oct 20 2021 09:43 AM

‎Oct 20 2021 09:43 AM

Re: Separate On-Prem Account from Sync' Office 365 Account

Thanks. I never thought there would have been a difference between moving the object while dirsync was active, and when it was disabled. I would have guessed that dirsync would have simply detected the missing account upon startup, and O365 would have proceeded with the delete of the account. Your explanation is certainly a learning experience for me!
0 Likes
Reply