Removing Unwanted Office 365 Directory Synchronizations -- Redmondmag.com

Removing Unwanted Office 365 Directory Synchronizations

With help from the Microsoft Office Services Sign-In Assistant, you can delay or pause synchronizations in Office 365.

By Brien Posey
11/30/2017

Several months ago, I was asked by one of Microsoft's subsidiaries to create some educational videos related to Microsoft Azure and Office 365. I won't bore you with all of the details of the production, but one of the topics that I ended up covering was directory synchronization for Office 365. Although I managed to get the video project finished, it ended up being such a massive undertaking that I was working right down to the last minute, and thought for sure that I was going to end up missing my flight home. Thankfully, there was just enough time to save all of my work, and get out the door ahead of rush-hour traffic.

A few days after arriving back home, I realized that I had been a little bit too hasty in my departure. The problem was that for various reasons, I had to use my real Office 365 account for some of the videos, rather than using a trial account or a lab account (it's a long story). In doing so, I had established Active Directory synchronization between my production Office 365 account, and a lab-based Active Directory environment. The problem was that I forgot to break the synchronization before deleting my lab environment. Even today, Office 365 still nags me with synchronization errors like the one shown in Figure 1.

**[Click on image for larger view.]** *Figure 1.* Office 365 is still producing synchronization errors.

Because of an extremely busy schedule, I just have not had time to fix this problem. However, now seems like as good of a time as any, so I wanted to bring you along for the ride, and show you how to remove an unwanted directory synchronization.

The first step in breaking the unwanted directory synchronization is to download and install the Microsoft Online Services Sign-In Assistant for IT Professionals. You can download bot the 32-bit and the 64-Bit version here.

When the download completes, launch the Microsoft Online Services Sign-in Assistant Setup Wizard. This wizard, which you can see in Figure 2, is simple to install.

**[Click on image for larger view.]** *Figure 2.* The Microsoft Online Services Sign-In Assistant Setup Wizard is really easy to use.

Once the Microsoft Office Services Sign-In Assistant is installed, click on the Windows Start button, and then type Azure. You should see the Microsoft Azure Active Directory Module for Windows PowerShell listed among the search results, as shown in Figure 3. Go ahead and open the Microsoft Azure Active Directory Module for Windows PowerShell.

**[Click on image for larger view.]** *Figure 3.* You will need to launch the Microsoft Azure Active Directory module for Windows PowerShell.

The next step in the process is to establish connectivity to Office 365. To do so, enter these commands:

$Cred=Get-Credential

  Connect-MsolService -Credential $Cred

The first line of code listed above will prompt you to enter a set of credentials. Be sure to use your administrative credentials for Office 365. The second line of code uses those credentials to establish connectivity to Office 365 from PowerShell. You can see what this looks like in Figure 4. Incidentally, if you want to verify that the connection is working, you can use the Get-MsolUser cmdlet to retrieve a list of your Office 365 user accounts.

**[Click on image for larger view.]** *Figure 4.* This is how you connect to your Office 365 environment using PowerShell.

Now that you have successfully connected to Office 365, the last step is to disable Office 365 directory synchronization. To do so, enter the following command:

Set-MsolDirSyncEnabled -EnableDirSync $false

You can see what this command looks like in Figure 5.

**[Click on image for larger view.]** *Figure 5.* This is the command that disables directory synchronization.

When you disable directory synchronization, the change is not reflected immediately. The Office 365 Admin Center will continue to show that directory sync is enabled for a period of time, but should eventually reflect your change, as shown in Figure 6.

**[Click on image for larger view.]** *Figure 6.* Directory synchronization is now disabled.

About the Author

Brien Posey is a 22-time Microsoft MVP with decades of IT experience. As a freelance writer, Posey has written thousands of articles and contributed to several dozen books on a wide variety of IT topics. Prior to going freelance, Posey was a CIO for a national chain of hospitals and health care facilities. He has also served as a network administrator for some of the country's largest insurance companies and for the Department of Defense at Fort Knox. In addition to his continued work in IT, Posey has spent the last several years actively training as a commercial scientist-astronaut candidate in preparation to fly on a mission to study polar mesospheric clouds from space. You can follow his spaceflight training on his Web site.

Featured

Cisco Warns of Brute Force Attacks Targeting VPNs and Firewalls

Cisco has revealed that a global increase in brute force attacks targeting Virtual Private Networks (VPNs) and other devices is currently taking place.
What's Inside Microsoft 365's Security Toolbox?

Microsoft provides plenty of native tools to secure Microsoft 365. IT pros just have to know where to look.
Microsoft Kills 30-Day Data Retention Policy for Copilot in Fabric

Microsoft this week announced several usability improvements coming to Copilot in Fabric in preparation of its general availability release later this year.
Using Microsoft Office to Build a Network Diagram 2

Now that we've set up our process, let's dig in with the actual execution.
Microsoft Graph 'Activity Logs' Feature Goes Live

Microsoft announced the general availability of the "activity logs" capability in Microsoft Graph, giving administrators more options to track user activity and identify patterns of potential misuse.