Azure sync errors - DeletingCloudOnlyObjectNotAllowed

Hello. My problem is errors in synchronization between AD - AAD. The error type is: DeletingCloudOnlyObjectNotAllowed I have already browsed threads with such a problem, but the Object GUID that ...

Kidd_Ip

MVP

Jan 26, 2024

VolTwins

Better to locate the affected object first:

Get-AzureADUser -All $true | Select-Object -Property UserPrincipalName,ObjectId,ImmutableId,DirSyncEnabled

VolTwins

Copper Contributor

Jan 26, 2024

Kidd_Ip rastok

People have been exported with the DirSyncEnabled attribute set to false:

Get-AzureADUser -All $true | Select-Object -Property UserPrincipalName,ObjectId,ImmutableId,DirSyncEnabled | Where-Object { $_.DirSyncEnabled -eq $false }

We are interested in ImmutableId, we should change these values to null for all UserPrincipalName to break communication between AD-AAD:

Get-AzureADUser -All $true | Where-Object { $_.DirSyncEnabled -eq $false } | ForEach-Object { Set-AzureADUser -ObjectId $_.ObjectId -ImmutableId $null }

However, after entering this command (forcing ImmutableId to be null), nothing changes and the effect is still the same as in the photo above

In my case, this is not entirely possible, because this value is managed by the system / limitations of the platform itself? At least that's what I found out, but I'm not sure

Forum Discussion

Azure sync errors - DeletingCloudOnlyObjectNotAllowed

Resources