Entra : API-driven inbound provisioning to on-premises AD - Unable to assign Manager

Linu John 0 Reputation points
2025-01-24T09:52:35.63+00:00

We have configured API-driven inbound provisioning to the on-premises Active Directory (AD), and it is functioning as expected. However, we have identified an issue: whenever a new user is created using the provisioning API, attempting to assign a manager who is an existing user in AD located in a different organizational unit (OU) results in the following error.

However, this issue does not occur when assigning a manager who was created through the provisioning service, even if they exist in a different BU .

Error Message from provisioning Log

We were unable to assign @xxx.com as the manager of xxxx@xxx.com . In order to ensure that the references are updated properly, you have two options. First, ensure that xxxx@xxxxx is in scope for provisioning. Provision x*@xxx.com on-demand and then provision xxxx@xxxxx on-demand. Alternatively, you can restart provisioning after ensuring that *****@xxx.com is in scope for provisioning.

PropertyName

manager

SkipReason

UnableToResolveReferenceAttributeValue

manager Add

The error is asking to do scoping on-demand however on-demand scoping feature is not available in API-driven inbound provisioning .

Microsoft Entra
{count} votes

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.