Reputation: 1407
Azure Entra Connect Cloudsync - User not synced to OnPremise Active Directory
i have set up an Azure Entra Connect Cloudsync Agent on my local WinServer22 Active Directory Controller.
Groups are getting synced but not users. When syncing i get the following Message:
EntrySynchronizationSkip:
Result: Skipped
Description: The User 'xxxx' will be skipped due to the following reasons:
1) This object is not assigned to the application.
If you did not expect the object to be skipped,
assign the object to the application or change your scoping filter to allow all users
and groups to be in scope for provisioning.
2) This object does not have required entitlement for provisioning.
If you did not expect the object to be skipped,
update provisioning scope to 'Sync all users and groups'
or assign the object to the application with entitlement of provisioning category
3) This object did not pass a scoping filter.
If you did not expect the object to be skipped, please review your scoping filters
and ensure that the object passes your specified scoping criteria.
The scope evaluation result is: {"On-prem Owned Users.dirSyncEnabled IS TRUE":false}
SkipReason: NotEffectivelyEntitled
IsActive: True
Assigned to the application: False
IsInProvisioningScope: False
ScopeEvaluationResult: {"On-prem Owned Users.dirSyncEnabled IS TRUE":false}
Happens to All Entra Users. What is the Application in the Context of "Assigned to the application: False" and where can i set the param "On-prem Owned Users.dirSyncEnabled" if its currently false?
Thank you
Upvotes: 2
Views: 4365
Answers (1)
Reputation: 7614
If you did not expect the object to be skipped,
assign the object to the application or change your scoping filter to allow all users
and groups to be in scope for provisioning.
As per the above error message, scoping filter is not enabled for syncing users from On-prem AD to Azure AD. make sure to select all users under the scoping filter to sync all users and groups.
To sync users and groups from On-Prem AD to Azure AD using Cloud Sync, you can follow the steps below.
- Install and connect the Cloud Sync agent on On-Prem Server.
- After completing the agent configuration, verify the agent status.
- To synchronize all users and groups to
Azure AD, choose the All users option.
- Restart the sync once you select the scoping filters
- The users and groups are synced to Azured Ad successfully.
If Dirsync is disabled, you may enable Dirsync using below command.
Install-Module MSOnline
Set-MsolDirSyncEnabled -EnableDirsync $True
Reference: Create a new configuration for Microsoft Entra Cloud Sync
Turn on directory synchronization
Upvotes: 2
Related Questions
- IsSoftDeleted always return null - Azure AD provisioning
- Azure Entra ID Authentication Requiring Admin Consent
- Scoping filter for user provisioning based on group membership
- Validate a username and password against Active Directory?
- Azure Active Directory SCIM: Deprovision member of a group not working
- What are the differences between LDAP and Active Directory?
- On prem Active directory synced to Azure AD to allow on prem credentials to login to the portal