Microsoft Entra ID
A Microsoft Entra identity service that provides identity management and access control capabilities. Replaces Azure Active Directory.
19,465 questions
Hello @T. Kujala
Thank you for reaching out. I would like to inform you below:
- Error message DeletingCloudOnlyObjectNotAllowed or Error 114 usually occurs AD Connect is trying to export something, but it has DirSync Enabled set to "False".
- Basically, Sync is trying to delete a 'restored' user or other object. This is usually because a user has been moved to an un-synced OU or deleted On-Prem and cloud object has been restored.
- The easiest way to find such users would be look for accounts on Azure AD which have ImmutableID value published and DirSyncEnabled status is set to False.
- To export list of all such objects you can use following command:
Get-AzureADUser -All $true | Select-Object -Property UserPrincipalName,ObjectId,ImmutableId,DirSyncEnabled | Export-Csv -Path C:/Users1.Csv -NoTypeInformation
- Once the file is exported you can look up the csv for users which have DirSync Enabled Status as False and still ImmutableID published.
- Post finding the user you can set the ImmutableID value to null and perform a Delta sync to fix the issue.
I hope this answer helps to resolve your issue.
Please "Accept the answer" if the information helped you. This will help us and others in the community as well.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(67.2, 98%, 16%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3E0%3C/text%3E%3C/svg%3E)