Skip to main content

Uninstalling the Microsoft Entra Connect Sync software left us with the On-Premises Directory Synchronization Service Account in Microsoft 365. Usually, the service account automatically gets removed. But this time it didn’t. The problem is that it shows it’s synced from on-premises and grayed out to delete. In this article, you will learn how to remove the On-Premises Directory Synchronization Service Account from Microsoft 365.

Introduction

The  Microsoft Entra Connect Sync install wizard  creates the On-Premises Directory Synchronization Service Account by default.

Read more about the service account:

  • Find Azure AD Connect accounts
  • Change Azure AD Connector account

When you uninstall  Microsoft Entra Connect Sync uninstallation , it can keep the service account in Microsoft 365. It’s also possible that the Microsoft Entra Connect Sync server failed to boot anymore, meaning it’s impossible to run the uninstall wizard, so the service account remains in Microsoft 365.

Check On-Premises Directory Synchronization Service Account in Microsoft 365

  1. Sign in to Microsoft 365 admin center
  2. Click on Users > Active Users
  3. Search for sync
  4. Find the On-Premises directory synchronization service account
  5. Click on the more action icon

The problem is that the Delete user is grayed out, which means you cannot remove it.

Note: The On-Premises Directory Synchronization Service Account appears as a synced from on-premises user account. But you will not find it in the on-premises Active Directory.

Remove On-Premises Directory Synchronization Service Account Microsoft 365

So, what is the solution, and how do we remove the On-Premises Directory Synchronization Service Account from Microsoft 365?

Remove On-Premises Directory Synchronization Service Account

Two methods exist to remove the On-Premises Directory Synchronization Service Account from Microsoft 365. Let’s look at both of the solutions.

Method 1. Microsoft Entra admin center

To remove the On-Premises Directory Synchronization Service Account from Microsoft 365 in Microsoft Entra admin center, follow these steps:

  1. Sign in to Microsoft Entra admin center
  2. Click on Identity > Users > All Users
  3. Right-click the On-Premises Directory Synchronization Service Account
  4. Click Delete
Remove On-Premises Directory Synchronization Service Account Microsoft Entra ID

Method 2. PowerShell

To remove the On-Premises Directory Synchronization Service Account from Microsoft 365 with Microsoft Graph PowerShell, follow the steps below:

  1. Start Windows PowerShell as administrator and  Install Microsoft Graph PowerShell module .
Install-Module Microsoft.Graph -Force
Install-Module Microsoft.Graph.Beta -AllowClobber -Force

Important: Always install the Microsoft Graph PowerShell and Microsoft Graph Beta PowerShell modules. That’s because some cmdlets are not yet available in the final version, and they will not work. Update both modules to the latest version before you run a cmdlet or script to prevent errors and incorrect results.

  1. You must  Connect to Microsoft Graph PowerShell with the correct permissions.
Connect-MgGraph -Scopes "User.ReadWrite.All"
  1. Run the Remove-MgUser cmdlet to delete the On-Premises Directory Synchronization Service Account from Microsoft 365.
Remove-MgUser -UserId "Sync_DC01-2019_d5d79537b1b8@exoip365.onmicrosoft.com"
  1. Verify that the user is successfully removed with the Get-MgUser  cmdlet.
Get-MgUser -UserId "Sync_DC01-2019_d5d79537b1b8@exoip365.onmicrosoft.com"

That’s it!

Leave a Reply