how to sever connection between 365 & AD

Copper Contributor

so we are trying to tidy up our AD (on prem) which is currently fully synched to our 365 cloud.

I want a user gone, but we want to keep their mailbox as a shared one, so I deleted their AD account, allowed the sync to go through, then restored their 365 account from deleted users and that seems to have done the job.

However everyday we now get synchronization errors from Microsoft regarding this account, so my questions are:

  1. did we do it correct and if so how do we fix the sync error from happening?
  2. if i did it completely wrong , how should i be doing it?

I have Googled away online and find so much conflicting issues, from keep the ad account to not possible to everything in between :(


Please someone help, thank you :)

4 Replies
The "correct" (and only supported) method would be to disable dirsync, make the changes (i.e. exclude the user from sync), and re-enable dirsync. What you did does the job, but it's an unsupported workaround.
Do you need "live" access to data within this mailbox? If you only need to keep it for compliance/retention purposes, consider using Inactive mailboxes instead:

@Vasil Michev 

hi, i couldn't see a simple way of disabling dir sync, unless i go in there untick the relevant boxes, resync, retick, resync - is that correct?

if i do that would it leave the 365 account there and what would happen when i turn dir sync back, what's to stop it from resyncing it self?

Sorry, I wasn't descriptive enough above. Once you disable dirsync, you can update the ImmutableID property of the user in M365, so it no longer "matches" against any on-premises object. You can actually do the same in the "workaround" scenario, if you are not bothered by the "unsupported" part of it.
ok, i have removed the immutableid from the object and will see what happens with that, thx