Symptoms
An Office 365 user does not react to property modifications. On an attempt to change some properties, the updateLocallyOnly: True mode switch can be found in the sitelog:
DEBUG aps_endpoint: UpdateUserImpl(office365User: Aps.id: 0be0c7b3-...-1767ed6dde89, Login: some.user@provider.onmicrosoft.com, DisplayName: Some User, tenant: c6a50d69-...-731439668028, crudCtx: Update, updateLocallyOnly: True)
Office365 account synchronization reports that this user is readonly (sitelog):
DEBUG sync: User some.user@provider.onmicrosoft.com is readonly
Also, the ImmutableId property is not empty on the Microsoft side:
Get-MsolUser -TenantId 18a155bb-...-cb1d21036489 | where-object {$_.DisplayName -eq "Some User"} | select-object -ExpandProperty ImmutableId
ubofAU3y1kmsETERGMp4Hg==
Cause
The Office365 APS application Endpoint marks users as readonly if Directory Synchronization is enabled on the Microsoft side and/or the ImmutableId property is not empty. Generally, it should be empty when ADSync is off.
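An added example (not part of the original article or of the Office365 APS application): a Python scan of sitelog text that correlates the two symptoms above per login, so affected users can be listed in one pass. The log layout is assumed from the two lines quoted in this article; the sample lines, GUIDs and function names are constructed for illustration.

```python
import re

# Constructed sample lines modelled on the two sitelog entries quoted in this
# article; the GUIDs and the extra users are placeholders, not real data.
SAMPLE_SITELOG = """\
DEBUG aps_endpoint: UpdateUserImpl(office365User: Aps.id: 00000000-0000-0000-0000-000000000001, Login: some.user@provider.onmicrosoft.com, DisplayName: Some User, tenant: 00000000-0000-0000-0000-0000000000aa, crudCtx: Update, updateLocallyOnly: True)
DEBUG sync: User some.user@provider.onmicrosoft.com is readonly
DEBUG aps_endpoint: UpdateUserImpl(office365User: Aps.id: 00000000-0000-0000-0000-000000000002, Login: other.user@provider.onmicrosoft.com, DisplayName: Other User, tenant: 00000000-0000-0000-0000-0000000000aa, crudCtx: Update, updateLocallyOnly: False)
DEBUG sync: User Third.User@provider.onmicrosoft.com is readonly
"""

# Assumption: fields appear in the same order as in the quoted UpdateUserImpl line.
UPDATE_RE = re.compile(
    r"UpdateUserImpl\(.*?Login: (?P<login>[^,]+),.*?tenant: (?P<tenant>[^,]+),"
    r".*?updateLocallyOnly: (?P<local>True|False)\)"
)
READONLY_RE = re.compile(r"sync: User (?P<login>\S+) is readonly")


def scan_sitelog(log_text):
    """Collect per-login evidence of the readonly condition from sitelog text."""
    users = {}

    def entry(login):  # assumption: logins are compared case-insensitively
        blank = {"tenant": None, "local_only_updates": 0, "sync_readonly": False}
        return users.setdefault(login.strip().lower(), blank)

    for line in log_text.splitlines():
        m = UPDATE_RE.search(line)
        if m and m.group("local") == "True":
            e = entry(m.group("login"))
            e["tenant"] = m.group("tenant").strip()
            e["local_only_updates"] += 1
        m = READONLY_RE.search(line)
        if m:
            entry(m.group("login"))["sync_readonly"] = True
    return users


def confirmed_readonly(users):
    """Logins showing both symptoms: a local-only update and a readonly sync line."""
    return sorted(
        login for login, e in users.items()
        if e["local_only_updates"] > 0 and e["sync_readonly"]
    )


if __name__ == "__main__":
    print(confirmed_readonly(scan_sitelog(SAMPLE_SITELOG)))
```

Logins returned by confirmed_readonly are the ones to check with the Get-MsolUser ImmutableId query shown under Symptoms.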
Resolution
Please contact Odin Technical Support.