Microsoft Security | Microsoft Entra | Microsoft Entra ID
A cloud-based identity and access management service for securing user authentication and resource access
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(278.4, 45%, 36%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EAV%3C/text%3E%3C/svg%3E)
Thank you for reaching Microsoft Q&A Forum!
I understand that you are trying to update the synced user properties via graph API.
If the users are synced from an on-prem AD the error sounds expected by design. users synchronized from on-premises Active Directory (AD), these attributes are controlled by AD and cannot be modified through Graph API.
If you need to update these attributes for synchronized users, you'll have to do so directly in your on-premises AD environment. Once updated, these changes will be synchronized to AAD.
Please refer the below threads which is similar to your issue.
https://github.com/microsoftgraph/msgraph-sdk-powershell/issues/1854
https://learn.microsoft.com/en-us/answers/questions/456452/cant-edit-extension-attributes-with-graph-api
https://learn.microsoft.com/en-us/answers/questions/1643481/when-trying-to-manage-extension-attribute-via-grap
Hope this helps. Do let us know if you any further queries by responding in the comments section.
Thanks,
Akhilesh.
If this answers your query, do click Accept Answer and Yes for was this answer helpful. And, if you have any further query do let us know.