Disconnect users from Active Directory

When you disconnect users imported from Active Directory (AD), they become native Okta users. This is helpful when you need to edit user fields such as an email address, or you want to prevent updates from being automatically synchronized from AD. To return users to being AD mastered, reimport their information to link their Okta accounts to their AD accounts.

  1. In the Admin Console, go to Directory > People.
  2. Click More Actions > Disconnect From AD.
  3. Select one of the following options:
  • To disconnect specific users, select individual users and click Disconnect Selected.
  • To disconnect all users, click Disconnect All.

Users who are not mastered by AD are not disconnected when these options are selected.

  1. In the Disconnect People from Active Directory dialog box, select a password reset option and then click Disconnect People to start the disconnect job. If you select Don't reset passwords, users are locked out of Okta and are unable to sign in to Okta with their AD credentials.