As organizations continue to leverage cloud technologies, managing your directory synchronization becomes crucial. If you’re looking to disable on-premises Active Directory synchronization with Microsoft Entra ID (formerly known as Azure AD), you’ve come to the right place. This guide will walk you through the necessary steps using Microsoft Graph PowerShell, providing a future-proof solution as Microsoft transitions away from older modules.
Why Microsoft Graph Over MSONLINE?
As of December 2025, the old MSOnline endpoint will no longer accept your type of authentication. Additionally, access to the legacy MSOnline service may be restricted or deprecated in your tenant. Microsoft is gradually deprecating the MSOnline and AzureAD modules in favor of the newer Microsoft.Graph modules. Thus, if you’re stuck trying to fix errors related to these old modules, it’s time to switch to Microsoft Graph to avoid fighting a dead technology.
Prerequisites
- A Global Administrator role in Microsoft 365 / Entra ID.
- Microsoft Graph PowerShell SDK should be installed.
- Internet connectivity to access Microsoft Graph.
Step 1: Install Microsoft Graph PowerShell SDK
To start, clean up any old Graph or Azure modules:
Get-Module Microsoft.Graph* -ListAvailable
Get-Module Az.Accounts -ListAvailable
Get-Module AzureAD* -ListAvailable
Get-Module MSOnline -ListAvailableIf you find multiple older versions of Microsoft.Graph or Az, remove them with the following commands:
Uninstall-Module Microsoft.Graph -AllVersions -Force
Uninstall-Module Microsoft.Graph.Authentication -AllVersions -Force
Uninstall-Module Az.Accounts -AllVersions -ForceNext, ensure your PowerShell and .NET are supported. Run:
$PSVersionTableFor best results, use PowerShell 5.1 or PowerShell 7.x and .NET Framework 4.7.2 or higher.
Step 2: Reinstall the New Graph Module
In an elevated PowerShell, reinstall the Microsoft Graph module:
Install-Module Microsoft.Graph -Scope AllUsers -Force
Import-Module Microsoft.GraphTo import only the authentication part, use:
Install-Module Microsoft.Graph.Authentication -Scope AllUsers -Force
Import-Module Microsoft.Graph.AuthenticationConfirm the version with:
Get-Module Microsoft.Graph.Authentication -ListAvailableStep 3: Connect to Microsoft Graph
Use the following command to connect:
Connect-MgGraph -Scopes "Organization.ReadWrite.All"Be sure to sign in with your Global Administrator account and grant the requested permissions.
Step 4: Retrieve Tenant ID
To verify your connection, run the following commands:
Get-MgOrganization | fl
Get-MgOrganization | Select OnPremisesSyncEnabledStore your Tenant ID for later use:
$OrgID = (Get-MgOrganization).idStep 5: Disable Directory Synchronization
Now that you have your Tenant ID, run the command:
Update-MgOrganization -OrganizationId $OrgID -OnPremisesSyncEnabled:$falseThis disables synchronization; just note that it may take up to 72 hours to fully propagate.
Step 6: Verify Status
Check the status of your synchronization:
Get-MgOrganization | Select-Object DisplayName, OnPremisesSyncEnabledMake sure that OnPremisesSyncEnabled is set to False or Null. Users previously synced from on-prem AD should now be cloud-only accounts.
Step 7: Uninstall Entra Connect (Optional)
If you wish, you can uninstall Microsoft Entra Connect from your on-premises server:
- Navigate to Control Panel → Programs and Features, and uninstall Microsoft Entra Connect.
Important Notes
Keep in mind:
- Once disabled, features like password hash sync and pass-through authentication will stop functioning.
- Re-enabling sync requires reinstalling Entra Connect and going through Microsoft’s reset window.
- Document this change for compliance and operational records.
Summary
Using the Update-MgOrganization command allows administrators to disable directory synchronization in a modern and supported way, aligning with Microsoft’s focus on Graph-based management. For any ongoing IT support and management, consider reaching out for Managed IT Services or Unlimited Helpdesk Support to keep your systems running smoothly.
If you have any questions or need further assistance, contact us today!
