@Abdulhamid Al-Bukhamseen
Thank you for posting this in Microsoft Q&A.
You can follow the steps below to resolve this issue.
To fix this issue, you will have to match the on-premises object with the Azure AD object.
If your Azure AD object has an "Immutable ID" set in Azure, then you can follow the instructions below.
Follow the steps below to fix the issue:
- Open Windows PowerShell as administrator on any machine.
- Run the command "Connect-MsolService" (enter global admin credentials).
- Now run the command "Set-MsolDirSyncEnabled -EnableDirSync $false".
- Now run the command "Set-MsolUser -UserPrincipalName <UPN of user in Azure AD> -ImmutableId "$null"".
- Now, once you have set the Immutable ID value to null, in the on-premises DC you will have to move the user accounts to a non-sync OU (OUs which are not syncing to Azure AD using AD Connect).
- Now this will delete the user entry from AD Connect.
- Once this is done, log in to the Azure AD portal and make sure you remove any roles which are assigned to the user in Azure AD. As per the document below, AD Connect will not link the on-premises account with the Azure AD account if there is any admin role assigned to the user account in Azure AD. https://learn.microsoft.com/en-us/entra/identity/hybrid/connect/tshoot-connect-sync-errors#existing-admin-role-conflict
- Now enable sync in the Azure AD tenant using the command "Set-MsolDirSyncEnabled -EnableDirSync $true".
- Now move the user account to the sync-scope OU in the on-premises DC.
- Initiate a delta sync on the AD Connect server by running the following command on the AD Connect server: Start-ADSyncSyncCycle -PolicyType Delta
Let us know if you are still seeing this issue so that we can work on it offline.
Please send us an email on azcommunity [at] microsoft [dot] com with Sub - Attn: Sandeg and following details in the email body:
Link to this thread/post
We can connect offline and discuss further on this.
Please "Accept the answer" if the information helped you. This will help us and others in the community as well.
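The following is an added pre-check script, not part of the answer above or of Microsoft's own tooling. Before clearing the Immutable ID and re-syncing, it computes the ImmutableId that AD Connect would derive from the on-premises objectGUID, compares it with the value currently on the cloud object, and reports whether the user still holds an admin role (the conflict the answer links to). It assumes the ActiveDirectory and MSOnline modules are installed, Connect-MsolService has already run, and the two parameters identify the user being matched.

```powershell
# Added example: pre-flight check for the hard-match procedure described above.
# Assumes: ActiveDirectory + MSOnline modules loaded, Connect-MsolService already run.
# $OnPremSamAccountName and $CloudUpn are placeholders for the user being matched.
param(
    [Parameter(Mandatory)] [string]$OnPremSamAccountName,
    [Parameter(Mandatory)] [string]$CloudUpn
)

# AD Connect writes the ImmutableId as the base64 encoding of the on-prem objectGUID bytes,
# so this is the value a correctly matched cloud object is expected to carry.
$adUser = Get-ADUser -Identity $OnPremSamAccountName
$expectedImmutableId = [Convert]::ToBase64String($adUser.ObjectGUID.ToByteArray())

$cloudUser = Get-MsolUser -UserPrincipalName $CloudUpn
$currentImmutableId = $cloudUser.ImmutableId

Write-Host "On-prem objectGUID  : $($adUser.ObjectGUID)"
Write-Host "Expected ImmutableId: $expectedImmutableId"
Write-Host "Cloud ImmutableId   : $currentImmutableId"

if ($currentImmutableId -eq $expectedImmutableId) {
    Write-Host 'Already matched: no ImmutableId reset is needed.'
} elseif ([string]::IsNullOrEmpty($currentImmutableId)) {
    Write-Host 'Cloud object has no ImmutableId: AD Connect will attempt a soft match on UPN / proxyAddresses.'
} else {
    Write-Warning 'ImmutableId mismatch: the cloud object is linked to a different on-prem object; follow the reset steps above.'
}

# Admin role conflict check: AD Connect refuses to link an on-prem object to a cloud
# user that holds an admin role (see the "existing admin role conflict" link above).
$roles = Get-MsolUserRole -UserPrincipalName $CloudUpn
if ($roles) {
    Write-Warning "User holds admin role(s): $($roles.Name -join ', '). Remove them before re-enabling sync."
} else {
    Write-Host 'No admin roles assigned: no role conflict.'
}
```

Run it once before step 3 and again after the delta sync; the second run should report the cloud ImmutableId equal to the expected value.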