u/Casperisfriend

Hey all, my org is in the process of migrating our hybrid Microsoft Entra ID identities to cloud only. I have been using a few test accounts to see how best to migrate user accounts, shared mailboxes, and groups to cloud-only accounts from Active Directory. I tested changing the cloud status of a user account that is seen as a shared mailbox in Exchange Online by using Graph Explorer to patch the user account to cloud managed. This seems to have worked and removed the hybrid connection so the accounts are no longer synced. However, the account is showing as disabled when I try to access it from my mailbox as a delegate for Exchange Online.

I have tried using PowerShell to change the user account control status so that it is enabled, but it seems that the accountdisabled status will not be removed. The on-premises user account was disabled before I changed the status via Graph Explorer, so I think something is stuck and won't update. I did try using another test account, which was disabled, then I enabled it in AD and waited some time before patching the cloud status using Graph Explorer. The same issue happens where even when forcing a change in PowerShell the disabled status won't go away. I even tried to block sign-in, wait 15-20 min and enable sign-in to see if it would update, but it did not seem to work.

I guess I have 2 questions regarding this issue.

  1. Is using Graph Explorer to remove the hybrid sync the best option to migrate an AD account to Entra ID given this issue?

  2. Is there a method to update the disabled user account to enabled using PowerShell or any other method?

Any help is appreciated!

u/Casperisfriend — 17 days ago