Ways to modify sync'd Azure AD user data

Question

I am currently using Azure AD Connect with my on-premise AD to sync my users to Azure AD. When I try to modify users in Azure, all of the fields look dimmed and not modifiable. I am assuming this is because they want you to make the change in the on-premise AD. Is there a way to get a permission group created in Azure that would allow specific users to modify sync'd user attributes in Azure? Or is the only to do that with sync'd users is using the on-premise AD server? Any workarounds?

Thanks in advance.

Answer 1

HI @dtd646 · Thank you for reaching out.

Modification to synced users via Azure AD can only be done after Turning off directory synchronization by using below cmdlet:

Set-MsolDirSyncEnabled -EnableDirSync $false

Keep in mind that after directory sync is disabled, no changes can be synced from On-premises AD to Azure AD and re-enabling the directory sync may override the changes that you have done while directory sync was disabled.

If you don't want to turn off directory sync, the changes to synced objects can only be done via on-premises AD and then syncing the change to Azure AD.

Read more: https://learn.microsoft.com/en-us/microsoft-365/enterprise/turn-off-directory-synchronization?view=o365-worldwide

-----------------------------------------------------------------------------------------------------------

Please "Accept the answer" if the information helped you. This will help us and others in the community as well.

Answer 2

No, making the changes on-premises is the only way.