Forum Discussion
Azure sync errors - DeletingCloudOnlyObjectNotAllowed
Hello. My problem is errors in synchronization between AD - AAD. The error type is: DeletingCloudOnlyObjectNotAllowed
I have already browsed threads with such a problem, but the Object GUID that is included in my case is not any group or user, so I could simply delete this Object GUID, when another synchronization is performed, the Object GUID changes every time (during each synchronization it's changing)
I know that if it was a user or group, you should set the "DirSyncEnabled" attribute to false and change the value to null in "ImmutableId", but as I repeat, in my case it is not any group or user
I'm asking for help because I don't know how to solve these synchronization problems
Best regards
- rastokBrass ContributorIt is strange that the Object GUID keeps changing on each sync cycle and makes it difficult to correlate. Have you tried to run idfix to find any issues? You can also try to run Get-AzureADUser | Where {$_.DirSyncEnabled -eq $null} | Set-MsolUser -ImmutableId “$null” just to set all immutables to $null.
Better to locate the affected object first:
Get-AzureADUser -All $true | Select-Object -Property UserPrincipalName,ObjectId,ImmutableId,DirSyncEnabled
- VolTwinsCopper Contributor
People have been exported with the DirSyncEnabled attribute set to false:
Get-AzureADUser -All $true | Select-Object -Property UserPrincipalName,ObjectId,ImmutableId,DirSyncEnabled | Where-Object { $_.DirSyncEnabled -eq $false }
We are interested in ImmutableId, we should change these values to null for all UserPrincipalName to break communication between AD-AAD:
Get-AzureADUser -All $true | Where-Object { $_.DirSyncEnabled -eq $false } | ForEach-Object { Set-AzureADUser -ObjectId $_.ObjectId -ImmutableId $null }
However, after entering this command (forcing ImmutableId to be null), nothing changes and the effect is still the same as in the photo above
In my case, this is not entirely possible, because this value is managed by the system / limitations of the platform itself? At least that's what I found out, but I'm not sure