Hi, see if this solution works for you:
https://learn.microsoft.com/en-us/answers/questions/703010/azure-ad-sync-error-114-1.html
adconnect onprem and cloud
We currently have an on-prem AD and a cloud AD. We are syncing the on-prem contents with the cloud and running into an odd issue. We are removing certain users from the sync by moving them into a non-synced folder in local AD, then restoring the user in the cloud. This is being done to migrate users to cloud-only AD. Everything works, but the local AD Connect keeps trying to sync the user to the cloud. When we check the Event Viewer, we get the error below. Full syncs were done after moving the users, as they disappeared from active users and went into the deleted users. How do we stop these errors?
"This error indicates that a deleted object was recovered from the recycle bin in Azure AD before Azure AD Connect was able to confirm its deletion. Please delete the recovered object in Azure AD to fix this issue. Please refer to https://learn.microsoft.com/en-us/azure/active-directory/hybrid/tshoot-connect-sync-errors#deletion-access-violation-and-password-access-violation-errors
Tracking Id: bbac5dba-3288-47c1-912b-eaa89e4a6cde
ExtraErrorDetails:
[{"Key":"ObjectId","Value":["00d029a6-61d5-434f-8e04-6d1c499cfece"]}]"
2 answers
Andy David - MVP 158K Reputation points MVP Volunteer Moderator
2022-12-27T15:38:25.577+00:00

JamesTran-MSFT 36,911 Reputation points Microsoft Employee Moderator
2022-12-29T00:40:10.98+00:00

@Darren Phillips
Thank you for your detailed post!

Error Message:
This error indicates that a deleted object was recovered from the recycle bin in Azure AD before Azure AD Connect was able to confirm its deletion. Please delete the recovered object in Azure AD to fix this issue. Please refer to https://learn.microsoft.com/en-us/azure/active-directory/hybrid/tshoot-connect-sync-errors#deletion-access-violation-and-password-access-violation-errors
Adding onto what was shared by @Andy David - MVP, and from your initial post - I understand that you're trying to remove certain users from being sync'd. You're removing these users by moving them into a non-sync'd folder within your local Active Directory, and once these users are deleted within Azure AD, you're then restoring the deleted users (within Azure) to migrate/convert these users to cloud only.
---------------------------
**Findings:**
From your error message and current migration process - converting users to cloud-only by restoring them from the Azure AD Deleted Users bin or clearing the ImmutableID is not supported. When you immediately restore the users within Azure AD - so they can become a cloud-only user, these users will still contain all the on-prem properties that were synced from your local AD. For more info - Azure AD Sync error 114.

Sync error 114, which should be located within the Synchronization Service Manager (Export) logs, occurs because AADConnect soft deletes the user from Azure AD, and the user is immediately restored before AADConnect has a chance to confirm the delete.
-----------------------------
Troubleshooting:
Note: The only supported method for converting users is to disable DirSync on the Tenant.
For more info - Deletion access violation and password access violation errors.

To resolve these errors, you'll have to delete the user(s) using PowerShell or the Azure Portal and run a delta sync so AADConnect can confirm the deletion.
- Delete the Azure AD user via the Portal or with PowerShell so the user is in a soft deleted (restorable/recoverable) state.
- Run `Start-ADSyncSyncCycle -PolicyType Delta` and it should import data appropriately.
- Confirm the Deletion was successful.
- Restore the User from the Azure AD Deleted Users Bin.
- Run `Start-ADSyncSyncCycle -PolicyType Delta` on the server to confirm the error does not appear again.
I hope this helps!
If you have any other questions, please let me know.
Thank you for your time and patience throughout this issue.

----------
Please remember to "Accept Answer" if any answer/reply helped, so that others in the community facing similar issues can easily find the solution.
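
The five steps in the answer above, scripted for a single object as an added example (not part of the original answer or of Microsoft's documentation). It assumes it runs on the Azure AD Connect server with the ADSync module and the Microsoft Graph PowerShell SDK v2 installed; `Invoke-DeltaSyncAndWait` is a hypothetical helper, and checking the deleted-items container is one way to do the "confirm" step.

```powershell
# Added example: soft-delete, sync, confirm, restore, sync again for one object.
# Assumption: ADSync (ships with Azure AD Connect) and Microsoft.Graph v2 are
# both available on this machine and the caller may manage users.
param(
    [Parameter(Mandatory)]
    [guid]$ObjectId   # cloud ObjectId taken from the error's ExtraErrorDetails
)
$ErrorActionPreference = 'Stop'
Import-Module ADSync
Connect-MgGraph -Scopes 'User.ReadWrite.All'

function Invoke-DeltaSyncAndWait {
    # Hypothetical helper: Start-ADSyncSyncCycle returns as soon as the cycle is
    # queued, so poll the scheduler until the cycle has actually finished.
    while ((Get-ADSyncScheduler).SyncCycleInProgress) { Start-Sleep -Seconds 10 }
    Start-ADSyncSyncCycle -PolicyType Delta | Out-Null
    do { Start-Sleep -Seconds 10 } while ((Get-ADSyncScheduler).SyncCycleInProgress)
}

# 1. Soft-delete the recovered object so it is back in Deleted users.
Remove-MgUser -UserId $ObjectId

# 2. Delta sync so Azure AD Connect can confirm the deletion.
Invoke-DeltaSyncAndWait

# 3. Confirm the deletion: the object must be a deleted item before restoring.
$deleted = Get-MgDirectoryDeletedItemAsUser -DirectoryObjectId $ObjectId
if (-not $deleted) {
    throw "Object $ObjectId is not in Deleted users; stopping before restore."
}
Write-Host "Soft-deleted: $($deleted.UserPrincipalName)"

# 4. Restore the user from the Deleted users bin.
Restore-MgDirectoryDeletedItem -DirectoryObjectId $ObjectId | Out-Null

# 5. Second delta sync; the export step should no longer report error 114.
Invoke-DeltaSyncAndWait

# Show the restored account and its sync flag for review.
Get-MgUser -UserId $ObjectId -Property DisplayName,UserPrincipalName,OnPremisesSyncEnabled |
    Select-Object DisplayName, UserPrincipalName, OnPremisesSyncEnabled
```

After each cycle, check the Export logs in Synchronization Service Manager for the connector to see whether error 114 is still raised for the object.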