My organization is currently using a hybrid Active Directory setup, where we create accounts on a local domain controller and these are synced to Azure AD multiple times a day. We're looking to eliminate our local Active Directory altogether and switch to solely using Azure AD. This setup was in place before I started, and while I've done some research, I'm struggling with the specific steps to make this transition. Does anyone have a clear and definitive method to achieve this?
2 Answers
I've worked on many projects to remove on-prem infrastructure. To convert users to cloud-only accounts, you can simply turn off directory synchronization. It typically takes up to 72 hours for changes to reflect, although I've noticed it’s quicker for smaller tenants. Just remember to avoid doing this if you have a hybrid Exchange setup! After that, clear the immutable ID, and consider using Intune for managing workstations instead of Group Policy.
You might find some helpful info in this link: itpro-tips.com/convert-microsoft-365-synced-user-to-cloud-only/
That method works, but users lose their licenses for about 30 minutes, plus they have to reset their passwords.
There’s definitely a more straightforward way than deleting and restoring users. It's a bit clunky.
So after I disable directory synchronization, I just wait for it to update to cloud-only on its own?