Some users cannot sync to Entra ID
In some cases, one or more users cannot be synced from the local Active Directory to Entra ID. An .onmicrosoft account is created instead of overwriting the existing cloud user.
The root cause is that the account has been assigned an administrative role, so the Entra ID sync service cannot overwrite the account.
Temporarily remove the administrative role
1. To fix it, temporarily remove the administrative role from that account so that it can sync to Entra ID.
2. Move the local user out of the synced OU, then run Start-ADSyncSyncCycle -PolicyType Initial to force a synchronization. The incorrectly synced user (.onmicrosoft) is removed from Entra ID.
PS C:\Users\Administrator> Start-ADSyncSyncCycle -PolicyType Initial
Result
------
Success
3. Navigate to Azure Active Directory and permanently delete the incorrectly synced user.
4. Move the local user back to the synced OU, then run Start-ADSyncSyncCycle -PolicyType Initial to force a synchronization. The user is now synced to Azure Active Directory without any issue.
PS C:\Users\Administrator> Start-ADSyncSyncCycle -PolicyType Initial
Result
------
Success
5. Navigate to Microsoft 365 admin center | Users | Active Users to verify that it works, then reassign the administrative role to the user.
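
One way to make steps 1 and 5 repeatable, as an added example rather than code from the original article: record the account's role assignments before removing them, and reassign exactly those roles only once the account shows as synced. It assumes the Microsoft Graph PowerShell SDK and roles assigned directly to the user (not through a group); Remove-UserAdminRole, Restore-UserAdminRole, the UPN and the snapshot path are hypothetical names.

```powershell
# Added example. Needs the Microsoft Graph PowerShell SDK and a session opened with:
#   Connect-MgGraph -Scopes 'User.Read.All','RoleManagement.ReadWrite.Directory'
function Remove-UserAdminRole {   # hypothetical helper for step 1
    param(
        [Parameter(Mandatory)] [string] $UserPrincipalName,
        [Parameter(Mandatory)] [string] $SnapshotPath
    )
    $user = Get-MgUser -UserId $UserPrincipalName -ErrorAction Stop
    $assignments = @(Get-MgRoleManagementDirectoryRoleAssignment -Filter "principalId eq '$($user.Id)'" -All)
    if ($assignments.Count -eq 0) {
        Write-Warning "No direct role assignments found for $UserPrincipalName."
        return
    }
    $snapshot = foreach ($a in $assignments) {
        $def = Get-MgRoleManagementDirectoryRoleDefinition -UnifiedRoleDefinitionId $a.RoleDefinitionId
        [pscustomobject]@{
            UserPrincipalName = $UserPrincipalName
            RoleName          = $def.DisplayName
            RoleDefinitionId  = $a.RoleDefinitionId
            DirectoryScopeId  = $a.DirectoryScopeId
            AssignmentId      = $a.Id
        }
    }
    # Persist the snapshot first, so the roles are on record even if a removal fails midway.
    ConvertTo-Json -InputObject @($snapshot) | Set-Content -Path $SnapshotPath -Encoding UTF8
    foreach ($row in $snapshot) {
        Remove-MgRoleManagementDirectoryRoleAssignment -UnifiedRoleAssignmentId $row.AssignmentId -ErrorAction Stop
    }
    $snapshot | Select-Object RoleName, DirectoryScopeId
}

function Restore-UserAdminRole {  # hypothetical helper for step 5
    param([Parameter(Mandatory)] [string] $SnapshotPath)
    $rows = Get-Content -Path $SnapshotPath -Raw | ConvertFrom-Json
    foreach ($row in $rows) {
        $user = Get-MgUser -UserId $row.UserPrincipalName -Property Id,OnPremisesSyncEnabled -ErrorAction Stop
        if (-not $user.OnPremisesSyncEnabled) {
            Write-Warning "$($row.UserPrincipalName) is not synced yet; roles not restored."
            continue
        }
        New-MgRoleManagementDirectoryRoleAssignment -PrincipalId $user.Id `
            -RoleDefinitionId $row.RoleDefinitionId -DirectoryScopeId $row.DirectoryScopeId | Out-Null
        Write-Output "Restored '$($row.RoleName)' at scope $($row.DirectoryScopeId)"
    }
}

# Usage (constructed UPN and path):
#   Remove-UserAdminRole -UserPrincipalName 'jane.admin@contoso.example' -SnapshotPath .\roles.json
#   Restore-UserAdminRole -SnapshotPath .\roles.json
```

The snapshot file lists privileged role assignments, so store it somewhere access-controlled and delete it after the roles are restored.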