This week I got an unusual request from my collegue. He was having some trouble disconnecting a PC from Azure AD. The client had ordered new PC’s which had to be added to the domain. But somehow, while setting them up, the client had used their Office 365 account to connect them to Azure AD. That probably happened somewhere during the initial setup.
Just so you know, Microsoft suggest that even if you are going to connect the PC to (Azure) AD, you first make a local account. The latest version of their wizard should also help you do so. Either way, the damage was done. And disconnecting the PC from Azure AD isn’t as easy as it sounds.
So how do you do it?
I wish I could give you one final solution to follow. But I can’t. I had to disconnect three devices from Azure AD and what worked for one device didn’t work for the other. But, you are here for solutions. So I’m offering you two possible ways to disconnect from Azure AD.
I am not going to go into detail, because I am writing this post in a hurry. However, a computer savvy person like you should have no problem figuring it out.
Creating a Local Account
The first method requires you to create a local admin account, which is then used when Microsoft prompts for an account that can “be used after disconnecting the PC”. So, here is what you do:
- While logged in as the AD User, create a new, local user
- Make sure to make the user an administrator
- Try to disconnect from the AD, using the newly created account when prompted
Using a Microsoft Account
Like I said, there is another way to “solve” this problem. I had to use this method when another machine refused to accept the local account as the “new go-to” account. The solution is to temporarely use a Microsoft account.
- Try to disconnect the PC from the Azure AD
- When prompted, provide a Microsoft account and password
- You’ll possibly be asked to provide some more info (ironically, it might now ask you to make a local user account…)
- You can now disconnect the device from the Azure AD
Once you have joined the company AD, make sure to remove the Microsoft account from the device. That means you will also have to remove the account from the Mail app unles you plan to be using it. But multiple Microsoft accounts on one device can also lead to problems and confusion so you might just want to remove all traces of it alltogether.
Hopefully these two methods help you to rejoin the company AD of your choice!