Home Cloud Azure Disable AzureAD Sync

Disable AzureAD Sync

332
0
Reading Time: 3 minutes

While building out some labs for AzureAD, One issue I ran into was that Password Writeback hadn’t yet been configured in the environment, Rather than just enable it – For the reasons of a blog post. I decided I would break the AzureAD Sync from On-Premise to Azure. These are the following steps.

Image

Step One – MSOnline Powershell Module

I have a dedicated virtual machine that runs the AzureAD Sync Service, to be able to disable it we need to install the MSOnline Powershell Module.

Install-Module -Name 'MSOnline' -Verbose

Then we can run the following code:
NB: You will need to be a Global Administrator to perform this task.

Import-Module -Name 'MSOnline'
Connect-MSolService

Enter the Global Administrator Account details.

Firstly, to confirm what features are configured and enabled in the AzureAD Tenant we can run:

 Get-MsolDirSyncFeatures

This shows which features are Enabled.

Disable AzureAD Sync Status

To disable AzureAD Sync Status from your On-Premise environment run the following command:

Set-MsolDirSyncEnabled –EnableDirSync $False -Verbose

Checking AzureAD Sync Status

From Powershell, we can run the following command:

Get-MsolCompanyInformation

You can also check the AzureAD Sync Status in the Azure Active Directory Portal, From the AAD Dashboard select Azure AD Connect.

Enable AzureAD Sync Status

To disable AzureAD Sync Status from your On-Premise environment run the following command:

Set-MsolDirSyncEnabled –EnableDirSync $True -Verbose

Like any Azure product, time is never on our side, If you recive this error message its due to the pending sync waiting to apply from Sync disable state. To confirm this we can use the following command:

Get-MsolCompanyInformation | Select DirectorySynchronizationStatus

This can take up to 72 Hours to update, before you can re-enable the AzureAD Sync.

Coup

After waiting a couple of hours you can then re-enable the Sync

Set-MsolDirSyncEnabled -EnableDirsync $true 

Checking the Service Status with Powershell we cna see that its now enabled.

LEAVE A REPLY

Please enter your comment!
Please enter your name here