Azure AD Dirsync Error DeletingCloudOnlyObjectNotAllowed

In this segment, we are going to show you “how to fix Active Directory Dirsync Error DeletingCloudOnlyObjectNotAllowed“

Identify the affected objects with DeletingCloudOnlyObjectNotAllowed

You need to find the objects in Azure AD that have the ImmutableID value published and the DirSyncEnabled status set to False. You can use PowerShell to export a list of these objects with the following command:

Get-AzureADUser -All $true | Select-Object -Property UserPrincipalName,ObjectId,ImmutableId,DirSyncEnabled | Export-Csv -Path C:/Users1.Csv -NoTypeInformation

Fixing the Issue DeletingCloudOnlyObjectNotAllowed

After identifying the affected users or objects, you need to set the ImmutableID value to null and perform a Delta sync. This breaks the link between the on-premises AD user and its corresponding Azure AD user, allowing AD Connect to create a new Azure AD object during the next sync cycle. Use the following PowerShell commands:

# Connect to Azure AD with global admin credentials 
Connect-MsolService 
# Set the ImmutableID to null for the affected user 
Set-MsolUser -ObjectId '<user's object ID>' -ImmutableId "$null"
# Trigger a Delta sync 
Start-ADSyncSyncCycle -PolicyType Delta

Make sure to replace <user's object ID> with the actual object ID of the user you want to fix.

Please ensure you have the necessary permissions and understand the implications of these actions before proceeding.

Conclusion

By following the above steps, you will be easily able to solve the sync issue due to DeletingCloudOnlyObjectNotAllowed. If you’re not comfortable performing these steps, it’s best to consult with an IT professional or your organization’s Azure administrator.