Microsoft’s Azure AD Connect is a great tool that allows admins to sync Active Directory credentials from local domain environments with Microsoft’s cloud (Azure/Office 365), eliminating the need for users to maintain separate passwords for each.
While not a common occurrence, there may be reasons that you would need to remove Microsoft’s Azure AD Connect utility from your environment. This can be achieved in a few short steps and involves both removal from the local domain environment as well as deactivating the service in the cloud.
Step 1
Open PowerShell (Run as Administrator).
Step 2
Install the Microsoft Online module for Azure Active Directory using the following command:
Install-Module -Name MSOnline
If prompted to continue, type “Y” and press Enter. Any subsequent confirmations can be accepted by typing “A” for “Yes to All” and pressing Enter.
Step 3
Input login credentials using the following PowerShell command:
$msolcred = Get-Credential
You will be prompted to authenticate. Use the global administrator account within your Office 365 tenant (e.g., user@yourdomain.com) and the corresponding password.
Step 4
Initiate the connection to Office 365 using the following PowerShell command:
Connect-MsolService -Credential $msolcred
Step 5
Keep this PowerShell instance open; we will use it in later steps.
Step 6
Uninstall the Azure AD Connect application (and its services) from your local domain environment using Control Panel.
Step 7
Once you have AD Connect uninstalled, you will still need to disable the service through Office 365. To do so, use the following PowerShell command:
Set-MsolDirSyncEnabled -EnableDirSync $false
You will be prompted to confirm. Press Y and then press Enter.
Step 8
To verify that directory sync was fully disabled, use the following PowerShell command:
(Get-MsolCompanyInformation).DirectorySynchronizationEnabled
A returned value of False will validate the deactivation.
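Steps 3 through 8 combined into one script, added here as an example and not part of the original article. It signs in interactively instead of passing $msolcred (an assumption, so that MFA-protected administrator accounts work); the before-state snapshot, the polling window and the final role-membership review are additions.

```powershell
# Added example; not part of the original article. Run in an elevated session
# with the MSOnline module from Step 2 installed.
Connect-MsolService   # no -Credential: interactive prompt, works with MFA-protected admins

# 1. Record the tenant's sync state before changing anything (keep for the change record).
$before = Get-MsolCompanyInformation
$before | Select-Object DirectorySynchronizationEnabled, PasswordSynchronizationEnabled,
                        LastDirSyncTime, DirSyncServiceAccount | Format-List

# 2. Count the users currently sourced from on-premises AD; these are the
#    accounts affected when sync is turned off.
$synced = @(Get-MsolUser -Synchronized -All)
Write-Host "Synchronized users: $($synced.Count)"

# 3. Step 7: disable directory sync (prompts for confirmation).
if ($before.DirectorySynchronizationEnabled) {
    Set-MsolDirSyncEnabled -EnableDirSync $false
}

# 4. Step 8: verify. The 10-minute / 30-second polling window is an arbitrary choice.
$deadline = (Get-Date).AddMinutes(10)
do {
    $enabled = (Get-MsolCompanyInformation).DirectorySynchronizationEnabled
    if (-not $enabled) { break }
    Start-Sleep -Seconds 30
} while ((Get-Date) -lt $deadline)
if ($enabled) { Write-Warning 'Directory sync still reports as enabled.' }
else { Write-Host 'Directory sync is disabled.' }

# 5. List accounts that still hold the directory sync role so they can be
#    reviewed and removed if they are no longer needed.
$role = Get-MsolRole -RoleName 'Directory Synchronization Accounts'
Get-MsolRoleMember -RoleObjectId $role.ObjectId |
    Select-Object DisplayName, EmailAddress, ObjectId
```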
Need to Reenable AD Connect?
If you ever need to reenable AD Connect, repeat the PowerShell procedures above and use the following command in place of the one in Step 7:
Set-MsolDirSyncEnabled -EnableDirSync $true
Please note that, depending on the size of your AD environment, you may have to wait several hours before Microsoft will allow you to reactivate. You can then reinstall and configure Azure AD Connect in your environment.