No data is lost in this process, but it does disrupt the user: identity management for the account moves to Azure AD, and the account will have a new password. If the user runs Outlook on a PC or reads email on a mobile phone, they will need to update the password in those clients so that they can continue to work.
- Move the user (which you want to convert from AD-synced to cloud) to an OU that does not sync via Azure AD Connect.
- Wait for Azure AD Connect to run its next sync, or kick one off manually (run the Start-ADSyncSyncCycle PowerShell command on the computer that has Azure AD Connect installed).
- After the sync runs, the user will appear in Deleted Users within the 365 Admin Center. Do not be concerned – there is no data loss with this process. The user/data is kept for 30 days if the user isn’t restored and we’re going to restore it now.
- Select the user and click on Restore User. Follow the wizard to set the password manually or have it auto-generate.
- Once you restore the user, it’ll show in Users -> Active Users in the 365 Admin Center.
- As a best practice, set the Immutable ID for the user in Office 365 to $null using the command below (user@example.com is a placeholder for the user's UPN).
Set-MsolUser -UserPrincipalName user@example.com -ImmutableId "$null"
The process is now complete and the user has been converted from AD-synced to cloud-only.
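The steps above scripted end to end, with a check at each stage, as an added example that is not part of the original post. It assumes the ActiveDirectory, ADSync and MSOnline modules are available on the Azure AD Connect server; the UPN, the OU path and the 15-minute wait are constructed placeholder values.

```powershell
# Added example. $Upn and $TargetOu are constructed placeholders; replace both.
$Upn      = 'user@example.com'
$TargetOu = 'OU=CloudOnly,DC=example,DC=com'   # assumed: an OU excluded from Azure AD Connect sync

Import-Module ActiveDirectory, ADSync, MSOnline
Connect-MsolService                            # interactive sign-in to the tenant

# 1. Move the account to the OU that does not sync.
$adUser = Get-ADUser -Filter "UserPrincipalName -eq '$Upn'"
if (-not $adUser) { throw "No on-premises AD user found with UPN $Upn" }
Move-ADObject -Identity $adUser.DistinguishedName -TargetPath $TargetOu

# 2. Kick off a sync instead of waiting for the scheduled one.
Start-ADSyncSyncCycle -PolicyType Delta

# 3. Wait until the account shows up under Deleted Users (poll for up to 15 minutes).
$deadline = (Get-Date).AddMinutes(15)
do {
    Start-Sleep -Seconds 30
    $deleted = Get-MsolUser -ReturnDeletedUsers -All |
        Where-Object { $_.UserPrincipalName -eq $Upn }
} until ($deleted -or (Get-Date) -gt $deadline)
if (-not $deleted) { throw "$Upn did not appear in Deleted Users; check the sync result" }

# 4. Restore the account, then have a temporary password auto-generated.
Restore-MsolUser -UserPrincipalName $Upn
$tempPassword = Set-MsolUserPassword -UserPrincipalName $Upn -ForceChangePassword $true

# 5. Clear the Immutable ID, using the same command as in the steps above.
Set-MsolUser -UserPrincipalName $Upn -ImmutableId "$null"

# 6. Verify: the restored account should now report an empty ImmutableId.
$user = Get-MsolUser -UserPrincipalName $Upn
[pscustomobject]@{
    UserPrincipalName  = $user.UserPrincipalName
    ImmutableIdCleared = [string]::IsNullOrEmpty($user.ImmutableId)
    TemporaryPassword  = $tempPassword
}
```

Hand the temporary password to the user out of band; they will be prompted to change it at first sign-in.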
Jason works as a project specialist at an IT MSP in Erie, Pennsylvania, USA. He’s an IT/security professional with 20 years of experience.