I'm working in an organization that currently uses a hybrid Active Directory setup. Accounts are created on a local domain controller and synced with Azure AD multiple times a day. We're looking to eliminate the local AD entirely and operate solely with Azure AD. I wasn't involved in setting this up and I'm not an expert in the area, so I'm trying to find a clear method to make this transition. Does anyone have detailed steps or advice on how to accomplish this?
3 Answers
You might find this guide useful: [ITPro-Tips Guide](https://itpro-tips.com/convert-microsoft-365-synced-user-to-cloud-only/). Just a heads up though, there are some issues with this method, like losing the license temporarily and needing to restore mailboxes. So it’s worth considering an alternative.
Yeah, while it works, there are definitely drawbacks like the forced password reset and license issues.
To clarify, when you say to 'let the users convert to cloud only', does that mean I won’t need to take additional steps once I disable directory sync? It will automatically handle everything in Entra?
Turning off directory synchronization is usually the way to go. Once you do that, your users should automatically convert to cloud-only accounts. It can take up to 72 hours, especially for Microsoft to process this, but with smaller tenants (under 500 users), it tends to be quicker. Just remember, don't attempt this if you have hybrid Exchange running! After turning it off, make sure to clear the ImmutableId. If you're managing workstations, consider using Intune for devices enrolled in Entra instead of Group Policy. For domain-joined workstations, we have good results factory resetting them using Autopilot, especially for Windows 11.
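The procedure in this answer (audit which accounts are still synced, turn off directory sync at the tenant, wait for the conversion, then clear each user's ImmutableId) as an added PowerShell example; it is not from the thread or from Microsoft, and it assumes the Microsoft.Graph PowerShell SDK is installed. The Graph endpoints used (`organization` with `onPremisesSyncEnabled`, `users` with `onPremisesImmutableId`) are real, but the `-DisableSync` / `-ClearImmutableIds` switches and the backup file name are this example's own. Run with no switches first: it only reports.

```powershell
# Added example, not code from the thread. Dry run by default; nothing is changed
# unless -DisableSync or -ClearImmutableIds is passed explicitly.
param(
    [switch]$DisableSync,        # hypothetical switch: turn off tenant directory sync
    [switch]$ClearImmutableIds,  # hypothetical switch: null out OnPremisesImmutableId
    [string]$BackupPath = ".\immutableid-backup.csv"  # hypothetical default path
)

# Organization.ReadWrite.All is needed for the sync flag, User.ReadWrite.All for users.
Connect-MgGraph -Scopes "Organization.ReadWrite.All", "User.ReadWrite.All" | Out-Null

$org = Get-MgOrganization
Write-Host ("Tenant {0}: OnPremisesSyncEnabled={1}, last sync {2}" -f
    $org.DisplayName, $org.OnPremisesSyncEnabled, $org.OnPremisesLastSyncDateTime)

# Audit: every account that still carries a hard-match anchor or is flagged as synced.
$users  = Get-MgUser -All -Property Id, UserPrincipalName, OnPremisesSyncEnabled, OnPremisesImmutableId
$synced = $users | Where-Object { $_.OnPremisesSyncEnabled -eq $true -or $_.OnPremisesImmutableId }
Write-Host ("{0} of {1} users are still synced or carry an ImmutableId" -f $synced.Count, $users.Count)
$synced | Select-Object UserPrincipalName, OnPremisesSyncEnabled, OnPremisesImmutableId | Format-Table

if ($DisableSync) {
    # Same call the portal makes; conversion to cloud-only happens afterwards on
    # Microsoft's side and can take up to 72 hours, so do not clear anchors yet.
    Invoke-MgGraphRequest -Method PATCH `
        -Uri "https://graph.microsoft.com/v1.0/organization/$($org.Id)" `
        -Body @{ onPremisesSyncEnabled = $false }
    Write-Host "Directory sync disabled at tenant level. Re-run later to verify conversion."
}

if ($ClearImmutableIds) {
    # Refuse to touch anchors while the tenant still says sync is on: the next
    # sync cycle would otherwise re-match or soft-delete the accounts.
    if ($org.OnPremisesSyncEnabled -eq $true) {
        throw "Tenant still reports OnPremisesSyncEnabled=true; wait for conversion before clearing ImmutableIds."
    }

    # Keep a rollback record of UPN -> ImmutableId before nulling anything.
    $synced | Select-Object UserPrincipalName, OnPremisesImmutableId |
        Export-Csv -Path $BackupPath -NoTypeInformation
    Write-Host "Backed up $($synced.Count) ImmutableIds to $BackupPath"

    foreach ($u in $synced) {
        Invoke-MgGraphRequest -Method PATCH `
            -Uri "https://graph.microsoft.com/v1.0/users/$($u.Id)" `
            -Body @{ onPremisesImmutableId = $null }
        Write-Host "Cleared ImmutableId for $($u.UserPrincipalName)"
    }
}
```

The two switches are deliberately separate so the tenant-level change and the per-user cleanup happen in different sessions, with the audit table in between confirming that `OnPremisesSyncEnabled` has actually flipped for the users. The CSV backup is the only record of the old anchors once they are cleared, so keep it until the cutover is signed off.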
I’d hope there’s a better option than pretending to delete and restore a user. That sounds messy.