**DISCLOSURE:** While I am contracted to Microsoft Corporation, I am not an employee. The articles that I write are not meant to represent the company, nor are they meant to represent me as an employee or spokesman for the company. As has always been the case, all articles on this website represent me and nobody else.
**NOTE:** All of the command line entries in this article are performed in PowerShell. To differentiate between the PowerShell cmdlets and Command Line Interpreter commands, the PowerShell cmdlets are in blue, and the Commands are in black.
I am going to preface this article by saying that this is not something you should ever be doing in a production environment. I have a demo Azure Active Directory tenant that was connected to a demo local Active Directory Domain Server environment. For reasons I will not go into, my local ADDS environment was deleted. Oops! I had to rebuild my local environment.
I will also state at this point that there are very few use cases for this functionality… but after 17 years blogging I have come to realize that there are no unique issues… only common ones and rare ones. If I had to do it, you might need to do it as well.
The problem is this: Once Azure AD Connect is configured, it is not readily apparent how to un-configure it. Nor is it something that you can just install on a new server and take over. As I rebuilt my ADDS environment, I found myself unable to configure Azure AD Connect for my tenant, because my tenant already had it installed.
Shortly after my local environment died, I started getting the following e-mail… daily:
Well of course it is not synchronizing… the synchronizing server is gone. I logged into the Azure AD portal and saw it as unhealthy… but there was no way to unconfigure it. That is what I was going to need in order to start fresh.
I have mentioned myriad times that there are many things that can be configured with Windows PowerShell that cannot be done in the GUI. That is equally true with the Cloud – Azure as well as Microsoft 365 – as it is with Windows Server.
I have also mentioned more than a couple of times that PowerShell syntax is simple – it is plain English, with a Verb-Noun structure.
What I might not have mentioned is that there are two of those verbs that so often work closely together. Get- and Set-, where the former gets you configuration information, and the latter lets you set those settings.
I was able to find that the cmdlets that configure the AD Connect settings all have the words DirSync in them. That was all the clue that I really needed. With that clue, here are the steps that I took to solve the problem:
Connect-AzureAD
Connect-MsolService
For each of these cmdlets, I was asked to authenticate. I entered the credentials of my Global Administrator account.
get-command *dirsync*
This listed all of my DirSync cmdlets… and there are only seven of them (four Get-, three Set-).
The one that looked most promising was the Set-MsolDirSyncEnabled cmdlet… the problem was that there was no Get-MsolDirSyncEnabled cmdlet. I decided to check the help for the Set- cmdlet, and discovered that there is an option for a Boolean…
Set-MsolDirSyncEnabled
-EnableDirSync <Boolean>
[-Force]
[-TenantId <Guid>]
[<CommonParameters>]
Okay, that was promising. If you can enable Azure AD Connect with the switch -EnableDirSync $true, could it really be as simple as that to disable it? Let’s try it out:
Set-MsolDirSyncEnabled -EnableDirSync $false
I went back to my Azure AD portal to look…
Where previously the Azure AD Connect portal page was reporting an unhealthy status, and the Last Sync was last week, it is now reporting that Azure AD Connect sync is not installed, and gives me the option to download it fresh.
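The same steps as one script, with the before-and-after check done from PowerShell rather than the portal. This is an added example, not the author's own code: it assumes the MSOnline module and a Global Administrator sign-in, reads the state through Get-MsolCompanyInformation, and the Get-DirSyncState helper name and the three-day staleness threshold are illustrative choices.

```powershell
# Added example: inspect the tenant's directory-sync state, refuse to act if a
# sync server still looks alive, then disable sync and show the resulting state.
Import-Module MSOnline
Connect-MsolService   # prompts for Global Administrator credentials

function Get-DirSyncState {
    # Hypothetical helper. There is no Get-MsolDirSyncEnabled cmdlet, but
    # Get-MsolCompanyInformation carries the tenant-wide sync properties.
    $info = Get-MsolCompanyInformation
    [pscustomobject]@{
        Enabled     = $info.DirectorySynchronizationEnabled
        Status      = $info.DirectorySynchronizationStatus
        LastSync    = $info.LastDirSyncTime
        SyncServer  = $info.DirSyncClientMachineName
        SyncAccount = $info.DirSyncServiceAccount
    }
}

$before = Get-DirSyncState
$before | Format-List   # keep this output as a record of what was configured

if (-not $before.Enabled) {
    Write-Output 'Directory synchronization is already disabled; nothing to change.'
    return
}

# Safety check for the scenario in this article (the sync server is gone):
# stop if the tenant has synchronized recently, because that means a live
# Azure AD Connect server is still attached to it.
$staleAfterDays = 3   # assumption: threshold picked for this example
$cutoff = (Get-Date).ToUniversalTime().AddDays(-$staleAfterDays)   # LastSync treated as UTC (assumption)
if ($before.LastSync -and $before.LastSync -gt $cutoff) {
    Write-Warning "Last sync was $($before.LastSync) from $($before.SyncServer). Not disabling."
    return
}

# -Force is deliberately omitted so the cmdlet asks for confirmation first.
Set-MsolDirSyncEnabled -EnableDirSync $false

# Status may read PendingDisabled for a while before it settles on Disabled.
Get-DirSyncState | Format-List
```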
On my newly created server I downloaded Azure AD Connect… not as easy as one might think, as Windows Server only comes with Internet Explorer 11, a browser not supported by the Azure portal. I had to click on this link to download it.
Of course, once you do that, you can start right back where we began… and read this article to do that!