Azure AD Sync error 114

Dakota Young 26 Reputation points
2022-01-20T13:34:20.987+00:00

I recently (2 weeks ago) went through and deleted a bunch of old users who were disabled in our system once they reached a 90-day threshold - there were quite a few of them. Since then, I have been getting sync errors every other day that just state it's an "other" error with code 114. I keep searching for the objectGUID that is provided and it is returning no results. All other documentation I have reviewed related to this error type has proven unhelpful. I am fairly new to Azure AD, so maybe I am just missing something. Any help would be greatly appreciated.

Microsoft Security | Microsoft Entra | Microsoft Entra ID

Accepted answer
  Shashi Shailaj 7,631 Reputation points Microsoft Employee Moderator
    2022-01-22T21:00:06.393+00:00

    @Dakota Young ,

    As per your explanation, the objects have been disabled in your system, and this change of state to disabled would have synced to the Azure AD tenant for all these users. In the Azure AD tenant, whenever a sync for the user object is broken it moves to the recycle bin, where the object will stay for 30 days and then get removed.

    I tested this and waited some time to replicate the same scenario. I deleted a user from an on-premises synced OU. This caused the synced user in the cloud to get deleted. I then tried to recover this user from the Azure AD portal (the same can be done from the Microsoft 365 admin center as well). Once recovered, it is converted to a non-synced cloud-only user, as seen below in the Azure portal.


    And then you will see the Azure AD Sync error 114 like below, with only the GUID value, in the Azure portal as well as in the on-premises AD Connect tool.


    Error 114 comes because the restored/converted cloud-only user account has an ImmutableId attribute value present, which should be empty for a cloud-only user. So if you compare a "cloud-only user" with a user synced from on-premises, there is an attribute called DirSyncEnabled which will have a value of true for every synced user, and in addition to this every synced user will surely have an ImmutableId value, which is basically the Base64-encoded value of the synced user's objectGuid from on-premises Active Directory.

    Once you click the error in the Synchronization Service Manager console for Azure AD Connect, you will see the details about the object. The CloudAnchor attribute value contains the ObjectId of the user in the cloud. This is the user which was removed from on-premises but is still present in the cloud, either in the deleted users container or because it has been restored. You can click on the CloudAnchor attribute and press CTRL+C on your keyboard to copy the ObjectId. Save it in a notepad file for use later. In my case this was 1ccd0011-dd23-49a0-a10e-1a0dd0d4ad4e


    If we compare the object mentioned in the error with a normal cloud-only user, here is the difference in attributes. You can see that despite the object not being sync enabled (DirSyncEnabled=False), it has an ImmutableId value.

    Cloud-Only Non-synced User

    PS C:\> Get-AzureADUser -ObjectId ******@Mxxxxxxx.OnMicrosoft.com | fl -Property ObjectId,ObjectType,DirSyncEnabled,ImmutableId,DisplayName,Mail,LastDirsyncTime,UserPrincipalName,UserType  
    
    ObjectId          : 9e5e7e54-918b-4c07-ac09-47f21d3857c2  
    ObjectType        : User  
    DirSyncEnabled    :                                                                <<<------------------------  
    ImmutableId       :                                                                  <<<------------------------  
    DisplayName       : Alex W  
    Mail              : ******@Mxxxxxxx.OnMicrosoft.com  
    LastDirSyncTime   :   
    UserPrincipalName : ******@Mxxxxxxx.OnMicrosoft.com  
    UserType          : Member  
    

    RESTORED USER

    PS C:\> Get-AzureADUser -ObjectId 1ccd0011-dd23-49a0-a10e-1a0dd0d4ad4e | fl -Property ObjectId,ObjectType,DirSyncEnabled,ImmutableId,DisplayName,Mail,LastDirsyncTime,UserPrincipalName,UserType  
      
    ObjectId          : 1ccd0011-dd23-49a0-a10e-1a0dd0d4ad4e  
    ObjectType        : User                                              
    DirSyncEnabled    : False                             <<<------------------------  
    ImmutableId       : 9PbjpnSYH0CxBWMN2TE9wQ==        <<<------------------------  
    DisplayName       : Bit Coin  
    Mail              :   
    LastDirSyncTime   : 1/22/2022 11:29:38 AM  
    UserPrincipalName : ******@Mxxxxxx.onmicrosoft.com  
    UserType          : Member  
    

    Solution

    • Get the details of the object by going to the on-premises Azure AD Connect server for error 114, as shown above.
    • Once you have the ObjectId of the object, check the object using PowerShell.
    • Connect with Global Administrator credentials using Connect-MsolService. Please follow the link to install the MSOnline PowerShell module.
    • Once logged in to the MSOnline service from the PowerShell console, run the cmdlet:
    • Set-MsolUser -ObjectId [object guid obtained in the earlier step] -ImmutableId "$null"
    • This will set the ImmutableId value to null for the problematic object in the Azure AD cloud.
    • You can verify this by using the cmdlet Get-AzureADUser -ObjectId 1ccd0011-dd23-49a0-a10e-1a0dd0d4ad4e | fl -Property ObjectId,ObjectType,DirSyncEnabled,ImmutableId,DisplayName,Mail,LastDirsyncTime,UserPrincipalName,UserType
    • The output will have a null ImmutableId value.


    PS C:\> Get-AzureADUser -ObjectId 1ccd0011-dd23-49a0-a10e-1a0dd0d4ad4e | fl -Property ObjectId,ObjectType,DirSyncEnabled,ImmutableId,DisplayName,Mail,LastDirsyncTime,UserPrincipalName,UserType  
          
    ObjectId          : 1ccd0011-dd23-49a0-a10e-1a0dd0d4ad4e  
    ObjectType        : User  
    DirSyncEnabled    : False  
    ImmutableId       :                                        <<<------------empty immutable Id------------  
    DisplayName       : Bit Coin  
    Mail              :   
    LastDirSyncTime   : 1/22/2022 11:29:38 AM  
    UserPrincipalName : ******@Mxxxxxx.onmicrosoft.com  
    UserType          : Member  
    

    In your case you seem to want to remove those IDs, as you have already deleted them from on-premises AD, so you can delete those objects by finding them in the portal, or delete them permanently. If they are in the deleted users container, you can easily delete them permanently from there using the portal.

    Thus you can solve this issue. The post is lengthy, but my intention was to explain it at a deeper level, as you mentioned that you are new to Azure AD. The error should automatically be gone from the portal in the next 2-3 hours. Hope this helps you solve your problem. If you still have further issues, please let us know more details and we will continue to help you on this. If this was helpful, please accept this post as the answer so that it helps other members of the community searching for help on similar errors.

    Thank you.

    5 people found this answer helpful.
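Added example, not part of the question or the accepted answer above: a PowerShell function that ties the answer's steps together for one CloudAnchor ObjectId. It reports DirSyncEnabled and ImmutableId, decodes the ImmutableId back to the on-premises objectGUID and looks that GUID up in AD including deleted objects (a user that has been deleted on-premises is still a deleted object for the tombstone lifetime, which is why a plain search for the GUID, as in the question, finds nothing), and clears the ImmutableId with the same Set-MsolUser call only when run with -Fix. The security reason to clean these up: ImmutableId is the hard-match key, so a cloud-only account that still carries one can be matched, and effectively claimed, by any future on-premises object whose source anchor encodes the same value. Assumptions: the AzureAD, MSOnline and ActiveDirectory (RSAT) modules are installed, Connect-AzureAD and Connect-MsolService have already been run as a Global Administrator, and the host is domain-joined; the function name, its parameters and the output wording are illustrative, not anything from the page.

```powershell
# Added example, not code from the original answer. Assumes the AzureAD, MSOnline
# and ActiveDirectory modules are loaded, Connect-AzureAD / Connect-MsolService
# have been run as a Global Administrator, and the host can query on-prem AD.
function Resolve-StaleImmutableId {
    param(
        # CloudAnchor value copied from the error 114 entry in Synchronization Service Manager
        [Parameter(Mandatory)][string]$ObjectId,
        # Report only by default; clear the attribute only when explicitly asked
        [switch]$Fix
    )

    try { $user = Get-AzureADUser -ObjectId $ObjectId }
    catch {
        # Not an active user: it may still sit in the Deleted users container (soft-deleted)
        $deleted = Get-AzureADMSDeletedDirectoryObject -Id $ObjectId -ErrorAction SilentlyContinue
        if ($deleted) {
            "$ObjectId is soft-deleted; purge it with Remove-AzureADMSDeletedDirectoryObject -Id $ObjectId or from the portal."
            return
        }
        throw "No active or soft-deleted object with ObjectId $ObjectId."
    }

    "{0}`n  DirSyncEnabled={1}  ImmutableId='{2}'" -f $user.UserPrincipalName, $user.DirSyncEnabled, $user.ImmutableId

    # A cloud-only user (DirSyncEnabled not True) must not carry an ImmutableId:
    # Azure AD Connect treats it as the on-prem object whose objectGUID it encodes.
    $isStale = ($user.DirSyncEnabled -ne $true) -and -not [string]::IsNullOrEmpty($user.ImmutableId)

    if ($user.ImmutableId) {
        # ImmutableId is the Base64 form of the 16-byte on-prem objectGUID.
        $guid = [guid]::new([Convert]::FromBase64String($user.ImmutableId))
        "  Decoded on-premises objectGUID: $guid"

        # Search AD including deleted objects: a user removed from the forest is still
        # a deleted object for the tombstone lifetime, so a normal search returns nothing.
        $adObj = Get-ADObject -Filter "objectGUID -eq '$guid'" -IncludeDeletedObjects -Properties isDeleted, whenChanged
        if ($adObj) {
            "  On-prem object: {0} (isDeleted={1}, whenChanged={2})" -f $adObj.DistinguishedName, $adObj.isDeleted, $adObj.whenChanged
        } else {
            "  No live or deleted on-prem object has objectGUID $guid"
        }
    }

    if (-not $isStale) { "  Nothing to do: no stale ImmutableId on a cloud-only object."; return }
    if (-not $Fix)     { "  Stale ImmutableId present; rerun with -Fix to clear it."; return }

    # Same call as the answer: "$null" in double quotes expands to an empty string,
    # which is what Set-MsolUser needs to clear the attribute.
    Set-MsolUser -ObjectId $ObjectId -ImmutableId "$null"
    $after = Get-AzureADUser -ObjectId $ObjectId
    if (-not [string]::IsNullOrEmpty($after.ImmutableId)) { throw "ImmutableId still set on $ObjectId" }
    "  ImmutableId cleared; the error 114 entry should disappear from the portal within a few hours."
}

# Example calls using the ObjectId from the answer: report first, then fix.
Resolve-StaleImmutableId -ObjectId '1ccd0011-dd23-49a0-a10e-1a0dd0d4ad4e'
Resolve-StaleImmutableId -ObjectId '1ccd0011-dd23-49a0-a10e-1a0dd0d4ad4e' -Fix
```

Two practitioner notes. First, the MSOnline and AzureAD modules used here and in the answer have since been retired in favour of Microsoft Graph PowerShell, where the equivalent clear is a PATCH of the user's onPremisesImmutableId property to null. Second, if orphaned ImmutableIds are a recurring problem after bulk deletions, the tenant-level DirSync feature BlockCloudObjectTakeoverThroughHardMatch (set with Set-MsolDirSyncFeature) stops an on-premises object from taking over an existing cloud-only account via hard match, which closes the takeover path rather than relying on every stale value being found and cleared.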

0 additional answers
