Jan 25 2024 06:09 AM
Hello. My problem is errors in synchronization between AD and AAD. The error type is: DeletingCloudOnlyObjectNotAllowed
I have already browsed threads about this problem, but the Object GUID included in my case is not any group or user that I could simply delete, and when another synchronization is performed, the Object GUID changes every time (it changes during each synchronization).
I know that if it were a user or group, you would set the "DirSyncEnabled" attribute to false and set the value of "ImmutableId" to null, but as I said, in my case it is not any group or user.
I'm asking for help because I don't know how to solve these synchronization problems.
Best regards
Jan 25 2024 07:00 AM
Jan 25 2024 10:17 PM
It is better to locate the affected object first:
Get-AzureADUser -All $true | Select-Object -Property UserPrincipalName,ObjectId,ImmutableId,DirSyncEnabled
Jan 26 2024 04:12 AM
Users with the DirSyncEnabled attribute set to false have been exported:
Get-AzureADUser -All $true | Select-Object -Property UserPrincipalName,ObjectId,ImmutableId,DirSyncEnabled | Where-Object { $_.DirSyncEnabled -eq $false }
We are interested in ImmutableId; we should set this value to null for all of these UserPrincipalNames to break the link between AD and AAD:
Get-AzureADUser -All $true | Where-Object { $_.DirSyncEnabled -eq $false } | ForEach-Object { Set-AzureADUser -ObjectId $_.ObjectId -ImmutableId $null }
However, after entering this command (forcing ImmutableId to null), nothing changes and the effect is still the same as in the photo above.
In my case, this is not entirely possible, because this value is managed by the system / limited by the platform itself? At least that's what I found out, but I'm not sure.
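A worked lookup, added here as an example and not code posted by anyone in the thread: the advice above to locate the affected object first can be followed without guessing whether the GUID in the error is a cloud ObjectId or an on-premises objectGUID, because Azure AD Connect stores the on-premises GUID, Base64-encoded, as the user's ImmutableId. The function below tries the cloud ObjectId interpretation (with a cmdlet that resolves any directory object type, not only users and groups), then the ImmutableId interpretation, then the on-premises directory. It assumes the AzureAD module with Connect-AzureAD already run, and optionally the ActiveDirectory module; the names Find-SyncErrorObject and ConvertFrom-ImmutableId are made up for this example. The AzureAD module is deprecated in favour of Microsoft Graph PowerShell, but it is the module this thread uses.

```powershell
# Added example, not code from the thread. Assumes Connect-AzureAD has
# already been run; the on-premises step only runs if the ActiveDirectory
# module is available. Function names are made up for this example.
function Find-SyncErrorObject {
    param(
        # The GUID quoted in the DeletingCloudOnlyObjectNotAllowed error
        [Parameter(Mandatory)][guid]$Guid
    )

    $id = $Guid.ToString()

    # 1. Treat the GUID as a cloud ObjectId. Unlike Get-AzureADUser or
    #    Get-AzureADGroup, this cmdlet resolves any directory object type,
    #    so contacts, devices and service principals are found as well.
    $cloud = Get-AzureADObjectByObjectId -ObjectIds $id -ErrorAction SilentlyContinue
    if ($cloud) {
        return [pscustomobject]@{
            MatchedBy      = 'ObjectId'
            ObjectType     = $cloud.ObjectType
            ObjectId       = $cloud.ObjectId
            DisplayName    = $cloud.DisplayName
            DirSyncEnabled = $cloud.DirSyncEnabled   # $null for types without it
            ImmutableId    = $cloud.ImmutableId      # $null for types without it
        }
    }

    # 2. Treat the GUID as an on-premises objectGUID. Azure AD Connect writes
    #    the GUID bytes, Base64-encoded, into the user's ImmutableId, so the
    #    same conversion lets us search the cloud side for it.
    $immutableId = [Convert]::ToBase64String($Guid.ToByteArray())
    $user = Get-AzureADUser -All $true | Where-Object { $_.ImmutableId -eq $immutableId }
    if ($user) {
        return [pscustomobject]@{
            MatchedBy      = 'ImmutableId'
            ObjectType     = 'User'
            ObjectId       = $user.ObjectId
            DisplayName    = $user.UserPrincipalName
            DirSyncEnabled = $user.DirSyncEnabled
            ImmutableId    = $user.ImmutableId
        }
    }

    # 3. Check whether the GUID exists on-premises at all.
    #    Get-ADObject accepts an objectGUID as -Identity.
    if (Get-Command Get-ADObject -ErrorAction SilentlyContinue) {
        $onPrem = Get-ADObject -Identity $id -ErrorAction SilentlyContinue
        if ($onPrem) {
            return [pscustomobject]@{
                MatchedBy      = 'OnPremObjectGUID'
                ObjectType     = $onPrem.ObjectClass
                ObjectId       = $id
                DisplayName    = $onPrem.DistinguishedName
                DirSyncEnabled = $null
                ImmutableId    = $immutableId
            }
        }
    }

    # Nothing matched in either directory; report the converted value so it
    # can be compared against the sync error by hand.
    [pscustomobject]@{
        MatchedBy = 'None'; ObjectType = $null; ObjectId = $id
        DisplayName = $null; DirSyncEnabled = $null; ImmutableId = $immutableId
    }
}

# Reverse direction: ImmutableId -> on-premises objectGUID, useful when you
# start from a cloud user and want its source object in AD.
function ConvertFrom-ImmutableId {
    param([Parameter(Mandatory)][string]$ImmutableId)
    [guid]::new([Convert]::FromBase64String($ImmutableId))
}

# Usage: paste the GUID from the most recent sync error, since it changes
# each cycle. The GUID below is a placeholder.
# Find-SyncErrorObject -Guid '00000000-0000-0000-0000-000000000000'
```

The ObjectType in the result tells you which cmdlet family (user, group, contact, device) the clean-up advice in this thread actually applies to. If the tenant uses mS-DS-ConsistencyGuid rather than objectGUID as the source anchor, the Base64 value in ImmutableId is that attribute instead; Azure AD Connect populates it from objectGUID by default, so the conversion usually still lines up, but a 'None' result on a synced user is the sign to check that attribute directly.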