Follow me on Twitter @AntonioMaio2

Sunday, June 26, 2016

How to Disable Directory Synchronization in Office 365

I was working with a test Tenant in Office 365 recently where I had previously configured Directory Synchronization from an on premise Active Directory domain (which actually lived in an Azure VM).  I had recently turned off the Azure VM that hosted the AD domain, and I was now getting Directory Sync errors in Office 365 - which made sense since the domain had not synchronized in a few days.  At the same time, I was getting more and more familiar with the new Office 365 Admin Console which is quite nice actually, but I'm still trying to figure out where everything is found.

I decided to deactivate Directory Sync in my tenant to get rid of the errors.  I know I had seen it before because I've activated and deactivated it many times as I've tested the feature for clients.  But I couldn't find where you do that in the new Admin Console.  Let's take a look.

New Office 365 Admin Console

Here I've logged into my tenant and you can see my Directory Sync errors in the top left of the dashboard.  A sync hadn't happened in 68 hours, which made sense because I had turned the Azure VM off.


If I click on the GEAR icon in the left menu, which represents Settings, I get several options:


I select DirSync Errors in the menu... and I get nothing:


I select Services and Add-Ins and again I get several options:


Select Directory Synchronization in order to (hopefully) manage our directory synchronization options, and then we click another link to get to DirSync Management:


And we get to a nice screen which gives us several status indicators about our Directory Synchronization status (including that it has not synced in 68 hours), but no option to deactivate it:


I clicked the Troubleshooting link thinking that perhaps the option to deactivate the sync process could be found there:

 
 
 
I ran the scans, but again no luck.  I could not find the option to deactivate the sync process, despite how much I searched through the new Admin Console.  At this point, I returned to the old Admin Console to check if the option was still there.

Old Office 365 Admin Console

Once in the old Admin Console, in the left menu click on Users, then Active Users and then next to the Active Directory Synchronization title click Manage and there was my Deactivate option, along with similar status indicators to what I saw in the new Admin Console:

 

 

We click on Deactivate and we get a confirmation screen:


We click Deactivate Now and, finally, we've deactivated Directory Synchronization.  As usual, we're back at our Active User screen which tells us that Directory Synchronization could take up to 72 hours to take effect.  From my experience, it actually happens much quicker than this.


PowerShell

Alternatively, we could simply use PowerShell to get the current status of the synchronization process and disable it.  Here is the process you can follow:
  1. Launch the Windows Azure Active Directory Module for Windows PowerShell (right click the icon and select Run as Administrator).
  2. Type Connect-MsolService to connect to your tenant.  When prompted, login with your administrator credentials.
  3. Type (Get-MsolCompanyInformation).DirectorySynchronizationEnabled to get the current state of the directory synchronization process.  Don't forget the brackets.  If the sync process is enabled it will return True.
  4. To disable the sync process type Set-MsolDirSyncEnabled -EnableDirSync $false.
  5. When prompted to confirm select Y.

You may then type the same command as step 3 to confirm that it was been disabled.  You should get False returned at this point.

(Get-MsolCompanyInformation).DirectorySynchronizationEnabled

Enjoy.
   -Antonio




3 comments:

  1. Hi Antonio, thanks for the useful article. Just one question which I'm trying to confirm. When the directory sync is disabled, does the user in Office 365 remain present with the same settings (and all contents)as their last sync?

    ReplyDelete
  2. Thanks Chris. Yes, if you disable the directory sync process in Office 365, all your sync'ed users remain present with their current configuration. In the Office 365 user management page, the 'Sync Type' column will simply change from 'Synced with Active Directory' to 'In cloud' for these users and the users will continue to exist as if you had created them originally in Office 365.

    ReplyDelete
  3. Thanks Antonio, What happens if we re-enable the Dirsync in portal? will the 'In Cloud' object changes the status to 'Synced with Active Directory'.

    ReplyDelete