Presently, Azure AD Provisioning does not flow null/empty values into target directories. This means that an attribute that has a value will not have that value removed, even if the value is removed in Azure AD. This will be possible in the future, but I don't have an ETA that I can share unfortunately.
User provisioning skipped when removing user's attributes
Whenever we remove a single user's attribute, provisioning of the user is skipped - i.e. when setting the manager or phone number to null, after the synchronisation action completes we get the message in the logs that the state of the user in both the source and target systems already matches, although this is clearly not the case. Looking at the documentation https://learn.microsoft.com/en-us/azure/active-directory/app-provisioning/application-provisioning-config-problem-no-users-provisioned#provisioning-logs-say-users-are-skipped-and-not-provisioned-even-though-they-are-assigned does not give any clues about what might be the cause of this behaviour; we do not set scope filters, and all the attributes do get updated for both add and replace actions.
Target object actions are required for all actions: create, update and delete. Both delete and disable user work for us.
Is there anything in the setup that might be causing this kind of behaviour?
1 additional answer
Alfredo Revilla - Upwork Top Talent | IAM SWE SWA 27,501 Reputation points
Dec 23, 2020, 10:13 PM
Hello, please create a support request to properly address this issue, or let us know if you need assistance doing so.
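
A check for the situation described in this thread, added here as an example (not code from the posters or from Microsoft): since cleared values are not flowed and the logs report the user as already matching, it compares exported source and target records and lists attributes that are empty in the source but still populated in the target. The record layout, attribute names and sample users are constructed assumptions.

```python
def is_empty(value):
    """Treat None, blank strings and empty collections as a cleared attribute."""
    if value is None:
        return True
    if isinstance(value, str):
        return value.strip() == ""
    if isinstance(value, (list, tuple, set, dict)):
        return len(value) == 0
    return False


def find_stale_attributes(source_users, target_users, attributes):
    """Return {user_id: {attribute: stale_target_value}} for every attribute
    cleared in the source directory but still holding a value in the target."""
    stale = {}
    for user_id, src in source_users.items():
        tgt = target_users.get(user_id)
        if tgt is None:
            continue  # user never provisioned: a different problem, not stale data
        leftovers = {
            attr: tgt[attr]
            for attr in attributes
            if is_empty(src.get(attr)) and not is_empty(tgt.get(attr))
        }
        if leftovers:
            stale[user_id] = leftovers
    return stale


# Constructed sample exports keyed by user principal name (hypothetical layout).
SOURCE = {
    "alice@example.com": {"manager": None, "phoneNumber": "", "department": "Finance"},
    "bob@example.com": {"manager": "carol@example.com", "phoneNumber": "+1 555 0100"},
    "dave@example.com": {"manager": "   ", "department": "Sales"},
}
TARGET = {
    "alice@example.com": {"manager": "carol@example.com", "phoneNumber": "+1 555 0199",
                          "department": "Finance"},
    "bob@example.com": {"manager": "carol@example.com", "phoneNumber": "+1 555 0100"},
    "dave@example.com": {"manager": "", "department": "Sales"},
}
CHECKED = ["manager", "phoneNumber", "department"]

if __name__ == "__main__":
    for user, attrs in find_stale_attributes(SOURCE, TARGET, CHECKED).items():
        for name, value in attrs.items():
            print(f"{user}: '{name}' cleared in source, target still has {value!r}")
```

Stale manager or phone values in the target matter wherever the target application uses them for approvals or account recovery, so the output is a list of values to clear manually until null values are flowed.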