User provisioning skipped when removing user's attributes

Nikola Grkavac 26 Reputation points
2020-12-23T16:19:21.56+00:00

Whenever we remove a single user's attribute provisioning user is skipped - i.e. setting the manager or phone number to null, after synchronisation action gets completed we get the message in the logs that the state of the user in both the source and target systems already match, all though this is clearly not the case. Looking at the documentation https://learn.microsoft.com/en-us/azure/active-directory/app-provisioning/application-provisioning-config-problem-no-users-provisioned#provisioning-logs-say-users-are-skipped-and-not-provisioned-even-though-they-are-assigned does not give any clues about what might be the cause of this behaviour; we do not set scope filters, and all the attributes do get updated for both add and replace actions.

Target object actions are required for all actions: create, update and delete. Both delete and disable user works for us.

Is there anything in the setup that might be causing this kind of behaviour?

Microsoft Entra ID
Microsoft Entra ID
A Microsoft Entra identity service that provides identity management and access control capabilities. Replaces Azure Active Directory.
19,103 questions
0 comments No comments
{count} vote

Accepted answer
  1. Danny Zollner 9,496 Reputation points Microsoft Employee
    2021-01-07T16:42:14.227+00:00

    Presently, Azure AD Provisioning does not flow null/empty values into target directories. This means that an attribute that has a value will not have that value removed, even if the value is removed in Azure AD. This will be possible in the future, but I don't have an ETA that I can share unfortunately.


1 additional answer

Sort by: Most helpful
  1. 2020-12-23T22:13:54.657+00:00

    Hello, please Create a support request a properly address this issue or let us know if you need assistance doing so.

    1 person found this answer helpful.
    0 comments No comments