Entra Connect Not Updating Mobile Number

Question

Entra Connect Not Updating Mobile Number

Nick Ziff 20

I am having trouble getting a mobile number on an AD-synced Entra account updated. The mobile number attribute is selected to sync in the Entra Connect configuration and shows new values are supposedly updated in the Entra Sync logs but does not reflect on the contact information page in Entra for the user. I'm not seeing any other attributes on the local AD account that would reflect the current value in Entra, so that tells me I am not just updating the wrong value.

I also saw that the mobile number field is 'editable' on the O365 profile, but fails to save after the change. I am assuming that is due to the AD-sync status of the account.

Has anyone else experienced this issue?

Jose Benjamin Solis Nolasco 1,591 Reputation points

2025-04-25T14:11:54.4733333+00:00
@Nick Ziff Good morning How are you? I'm going to try to make a quick guide so you can double check your mobile number atribute on DirSync.

Understanding the IssueThe mobile number attribute (mobile in on-premises Active Directory, mobilePhone in Entra ID) is configured to sync via Entra Connect, but changes made in the on-premises AD are not updating in Entra ID, despite sync logs indicating success. The inability to edit the mobile number in the Office 365 portal and the error on saving changes confirm that the account is AD-synced, as Entra ID blocks direct edits to synced attributes. The lack of other AD attributes reflecting the incorrect Entra ID value suggests the issue lies in the sync process or Entra ID’s attribute handling, not a misconfigured AD attribute. This issue aligns with known problems where cloud-side changes or sync overrides block AD updates, as noted in sources like

Potential Causes in an Azure Environment

DirSyncOverrides Flag:

If the mobile number was previously edited in Entra ID or Office 365 (e.g., via Set-MsolUser or the Office 365 portal), the DirSyncOverrides flag may have been set, causing Entra ID to prioritize the cloud value over the on-premises AD value. This is a common issue when cloud tools like the MSOnline PowerShell module are used to modify synced attributes.

Attribute Mapping or Sync Rules:

The mobile attribute in AD may not be correctly mapped to mobilePhone in Entra ID, or a custom sync rule with higher precedence is overriding the default mapping.

The sync logs may show a “successful” update, but a scoping filter or transformation rule could be discarding the mobile number.

Duplicate Attribute Conflicts:

Another object in Entra ID (e.g., a contact, group, or user) may have the same mobile number, causing a conflict that prevents the update. Entra ID enforces unique attribute values for certain fields �遵从性问题可能导致同步错误，例如 AttributeValueMustBeUnique.

Sync Process Issues:

The Entra Connect sync process may be stuck, incomplete, or in staging mode, preventing full synchronization of the mobile number.

The Entra Connect server may have connectivity issues with Entra ID or AD, causing partial syncs.

Azure AD Configuration:

Conditional Access policies or Entra ID restrictions may block updates to synced attributes due to security settings.

The Entra Connect version may be outdated, causing bugs like those fixed in recent updates (e.g., version 2.3.20.0).

The mobile attribute in AD may not be populated correctly, or another attribute (e.g., telephoneNumber) is being synced to mobilePhone in Entra ID due to a misconfiguration.

Cloud-Only Overrides:

If the account was temporarily converted to a cloud-only account (e.g., during a sync disruption), it may have a DirSyncEnabled value of False, causing Entra ID to ignore AD updates.

Troubleshooting Steps (Azure-Focused)

Verify Entra Connect Configuration:

Open the Synchronization Rules Editor on the Entra Connect server (C:\Program Files\Microsoft Azure AD Sync\UIShell\SyncRulesEditor.exe).

Check the Inbound Synchronization Rule for In from AD - User AccountEnabled (or similar).

Ensure the mobile attribute from AD is mapped to mobilePhone in Entra ID:

Navigate to Attributes > Metaverse to Connector Space.

Confirm the mapping: mobile (AD) -> mobilePhone (Entra ID).

If the mapping is missing or incorrect, create a new rule with a lower precedence number (e.g., 50) to prioritize it.

Check for custom rules that might override the mobile number sync. Understanding the Issue The mobile number attribute (mobile in on-premises Active Directory, mobilePhone in Entra ID) is configured to sync via Entra Connect, but changes made in the on-premises AD are not updating in Entra ID, despite sync logs indicating success. The inability to edit the mobile number in the Office 365 portal and the error on saving changes confirm that the account is AD-synced, as Entra ID blocks direct edits to synced attributes. The lack of other AD attributes reflecting the incorrect Entra ID value suggests the issue lies in the sync process or Entra ID’s attribute handling, not a misconfigured AD attribute. This issue aligns with known problems where cloud-side changes or sync overrides block AD updates, as noted in sources like . Potential Causes in an Azure Environment

DirSyncOverrides Flag:

If the mobile number was previously edited in Entra ID or Office 365 (e.g., via Set-MsolUser or the Office 365 portal), the DirSyncOverrides flag may have been set, causing Entra ID to prioritize the cloud value over the on-premises AD value. This is a common issue when cloud tools like the MSOnline PowerShell module are used to modify synced attributes.

Attribute Mapping or Sync Rules:

The mobile attribute in AD may not be correctly mapped to mobilePhone in Entra ID, or a custom sync rule with higher precedence is overriding the default mapping.

The sync logs may show a “successful” update, but a scoping filter or transformation rule could be discarding the mobile number.

Duplicate Attribute Conflicts:

Another object in Entra ID (e.g., a contact, group, or user) may have the same mobile number, causing a conflict that prevents the update. Entra ID enforces unique attribute values for certain fields �遵从性问题可能导致同步错误，例如 AttributeValueMustBeUnique.

Sync Process Issues:

The Entra Connect sync process may be stuck, incomplete, or in staging mode, preventing full synchronization of the mobile number.

The Entra Connect server may have connectivity issues with Entra ID or AD, causing partial syncs.

Azure AD Configuration:

Conditional Access policies or Entra ID restrictions may block updates to synced attributes due to security settings.

The Entra Connect version may be outdated, causing bugs like those fixed in recent updates (e.g., version 2.3.20.0).

AD Attribute Issues:

The mobile attribute in AD may not be populated correctly, or another attribute (e.g., telephoneNumber) is being synced to mobilePhone in Entra ID due to a misconfiguration.

Cloud-Only Overrides:

If the account was temporarily converted to a cloud-only account (e.g., during a sync disruption), it may have a DirSyncEnabled value of False, causing Entra ID to ignore AD updates.

Troubleshooting Steps (Azure-Focused)

Verify Entra Connect Configuration:

Open the Synchronization Rules Editor on the Entra Connect server (C:\Program Files\Microsoft Azure AD Sync\UIShell\SyncRulesEditor.exe).

Check the Inbound Synchronization Rule for In from AD - User AccountEnabled (or similar).

Ensure the mobile attribute from AD is mapped to mobilePhone in Entra ID:

Navigate to Attributes > Metaverse to Connector Space.

Confirm the mapping: mobile (AD) -> mobilePhone (Entra ID).

If the mapping is missing or incorrect, create a new rule with a lower precedence number (e.g., 50) to prioritize it.

Check for custom rules that might override the mobile number sync.

Thanks!
Nick Ziff 20 Reputation points

2025-04-25T16:36:38.44+00:00

Hi Jose-

The Entra Sync configuration checks out and I also created a separate rule just for syncing the mobile number attribute. Is there a way to check if that DirSyncOverrides flag was set if you say that gets toggled when the number was updated in O365? Note that I could not update the number in O365 either when I tried to save the value.
Deleted

This comment has been deleted due to a violation of our Code of Conduct. The comment was manually reported or identified through automated detection before action was taken. Please refer to our Code of Conduct for more information.

Accepted answer

2 additional answers

Your answer

Nick Ziff 20 Reputation points

2025-04-25T16:36:38.44+00:00

Hi Jose-

The Entra Sync configuration checks out and I also created a separate rule just for syncing the mobile number attribute. Is there a way to check if that DirSyncOverrides flag was set if you say that gets toggled when the number was updated in O365? Note that I could not update the number in O365 either when I tried to save the value.
Deleted

This comment has been deleted due to a violation of our Code of Conduct. The comment was manually reported or identified through automated detection before action was taken. Please refer to our Code of Conduct for more information.

Answer 1

@Nick Ziff

Thank you for your time on the call today. As per our discussion you were facing an issue where you were unable to update phone number for few users in Entra ID via Entra connect.

Below are the steps that we took to resolve the issue.

Synchronized users properties cannot be changed from Microsoft Entra ID or Microsoft 365 admin portals, neither through any available PowerShell modules. Up until recently, the exception to this was the Microsoft Entra user’s attributes called MobilePhone and AlternateMobilePhones. These attributes are synchronized from on-premises Active Directory attributes mobile and otherMobile, respectively, but end users used to be able to update their own phone number in MobilePhone attribute in Microsoft Entra ID through their profile page. Changes to MobilePhone and AlternateMobilePhones attributes are no longer possible for Synchronized users except through the use of Microsoft Entra Connect or Microsoft Entra Cloud Sync.

When the Admin uses MsOnline or AzureAD PowerShell module or the user goes to MOP and updates the Mobile attribute, the updated phone number will be overwritten in Azure AD regardless of the object being synced from onpremises AD (DirSyncEnabled=true). Along with this update, Azure AD also sets the attribute "DirSyncOverrides = Mobile (1)" on the object to flag that this user had a Mobile phone set from Azure AD. From this point on, any update to the Mobile attribute coming from onpremises will simply be ignored by Azure AD as this attribute is no longer managed from on-prem AD.

We ran below commands to fix the issue,

Install-Module Microsoft.Graph
Connect-MgGraph -Scopes OnPremDirectorySynchronization.ReadWrite.All
$directorySynchronization = Get-MgDirectoryOnPremiseSynchronization
$directorySynchronization.Features.BypassDirSyncOverridesEnabled = $true
Update-MgDirectoryOnPremiseSynchronization -OnPremisesDirectorySynchronizationId $directorySynchronization.Id -Features $directorySynchronization.Features
Verify the status of the BypassDirSyncOverridesEnabled feature: (Get-MgDirectoryOnPremiseSynchronization).Features.BypassDirSyncOverridesEnabled
Once the feature is enabled, start a full synchronization cycle in Microsoft Entra Connect using the following command: Start-ADSyncSyncCycle -PolicyType Initial

You can refer to below article to get more information,

https://learn.microsoft.com/en-us/entra/identity/hybrid/connect/how-to-bypassdirsyncoverrides

Let us know if you have any further questions.

Please "Accept the answer" if the information helped you. This will help us and others in the community as well.

Nick Ziff 20 Reputation points

2025-05-15T14:01:42.9633333+00:00

Thank you Sandeep! I'm glad we were able to resolve this issue.

Answer 2

Akhilesh Vallamkonda 14,805 Microsoft External Staff Moderator

Hi @Nick Ziff

By default, On-prem 'mobile' attribute is synchronized to 'Mobile phone**'** attribute in Entra ID there is no configuration changes is needed.
May I know is this happen for one single user or multiple users?
Is your Entra connect server sync is working?
check whether there are any errors with the sync process, and follow the steps in this article to confirm the attribute value "flows" through the connectors/Metaverse:
Troubleshoot an object that is not synchronizing with Microsoft Entra ID

Hope this helps. If you still do not see enough information to isolate the issue, I've initiated a private message for a closer investigation. please let me know by responding in the Private message section.

Akhilesh Vallamkonda 14,805 Reputation points Microsoft External Staff Moderator

2025-04-29T06:44:02.5966667+00:00

Hi @Nick Ziff
Following up to see if the above provided suggestion was helpful. And, if you have any further query and questions, please do let us know.

Answer 3

Deleted

This answer has been deleted due to a violation of our Code of Conduct. The answer was manually reported or identified through automated detection before action was taken. Please refer to our Code of Conduct for more information.

Comments have been turned off. Learn more

Share via

Entra Connect Not Updating Mobile Number

2 additional answers

Your answer