Azure Connect Error with single user

Question

I have an on-prem AD and have a sync issue on a single user which happens to be my account. I've tried forcing a full replication and unable to figure out why it's not syncing. I'm guessing that perhaps I've changed something in Azure that it let me, and now won't sync the local AD?

Any ideas how I can get this cleared? Not sure what 'access rights' it's looking for, or even tell if the failure is trying to update the Azure record or my local AD?

Appreciate any guidance on this. Thanks in advance!

Steve

Answer 1

Hi @Steven Stuart

It seems that the service account you used on your connector of on-premise domain in EntraConnect (Azure AD Connect old name), doesn't have permission to sync some attribute from Entra ID (Azure AD old name) to your on-prem domain.

In the last export you should have more details about Export Error which attribute is impacted.

---

Please don't forget to accept helpful answer

---

Answer 2

Hello @Steven Stuart ,

Thank you for reaching out Microsoft Q&A.

I understand that the export error for a single on-premises user is caused by a permission issue. Based on the error code, please refer to the below document for the cause and resolution.

Please refer to the document : https://learn.microsoft.com/en-us/troubleshoot/entra/entra-id/user-prov-sync/troubleshoot-permission-issue-sync-service-manager

Hope this helps. Do let us know if you any further queries.

---

If this answers your query, do click Accept Answer and Yes for was this answer helpful. And, if you have any further query do let us know.

Regards,
Goutam Pratti.