25,130 questions
Thats by design yes.
Manager is a sycned attribute and therefore can only be changed on-prem.
Unable to save assigned manager in Azure AD when the sync is enabled
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(310.4, 21%, 40%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ETO%3C/text%3E%3C/svg%3E)
Tony O Jalali
6
Reputation points
The manager field within Azure AD can be changed, but it fails to save for any user in Azure AD if sync is enabled!
We are using Azure AD along with on-prem AD. Out of 2000 users in AAD, about 150 of them are synced (using AAD Connect). For the sync users while we can change the manager information in Azure AD (such as assigning to a different manager), but unable to save the changes (due to account being synced).
Is there a fix if this is an issue?
Is there a way to have sync enabled for "Identity" fields, but for others such as "Job info" and "Profile info" categories to be changed in Azure AD even when the sync is enabled?
If we are not updating for instance the Manager information from On-Prem to Azure AD, then why we cannot modify it in Azure AD?
Why is the field appeared to be read only?
I have heard that as long as “Identify” fields are untouched, we can modify “Job info” and/or “Profile info” fields in Azure AD. I guess when sync is enabled for a user all fields are greyed out and become Read only!
Can someone to please provide a reason or link to a solution?
I do not have permission to access to on-prem to change the manager in on-prem to be replicated to Azure AD.
In a nutshell, I am using Power Apps to change the attribute of Azure AD without any issues, however for synced users I am unable to save the changes.
Microsoft Security | Microsoft Entra | Microsoft Entra ID
3 answers
Sort by: Most helpful
-
Andy David - MVP 157.8K Reputation points MVP Volunteer Moderator2022-04-01T11:39:01.493+00:00 -
Tony O Jalali 6 Reputation points
2022-04-02T18:54:50.84+00:00 Hi Andy,
Thank you for your response.
I know that the manager is a synced record by default, but the question remains:
Is it possible to change the default setting and remove Manager from being a sync attribute and not to be updated from On-Prem to Azure AD, thus, to allow manager field to be updated in Azure AD?
It appears that once a sync in enabled, no attributes can be changed in Azure AD, even if the default is changed, we still cannot update manager field or any other fields in Azure AD as long as the sync is enabled! -
Danny Zollner 10,801 Reputation points Microsoft Employee Moderator2022-04-04T23:04:13.937+00:00 With only a few exceptions (i.e.: the mobile phone number attribute and UPN) any attribute that can be synced from on-premises AD must be sourced from on-premises AD. The behaviors are locked and can't be customized. The only way to allow a user's manager to be edited in Azure AD would be for that user to be fully Azure AD managed, rather than synced from on-premises AD.
-
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(12.8, 73%, 11%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EBS%3C/text%3E%3C/svg%3E)
Brian Scholl 1 Reputation point2023-02-09T03:08:22.9333333+00:00 Is this also the case with Cloud Sync? We removed Manager attribute mapping but still cannot change the value from M365/Azure AD. Unfortunate because we may now be forced to move away from syncing identities altogether.
Sign in to comment -
-
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(198.4, 7.000000000000001%, 29%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EOS%3C/text%3E%3C/svg%3E)
Oleksii Skirko 1 Reputation point2022-11-03T09:49:17.2+00:00 Hi all
If there any workaround? We have a hybrid environment and some users are cloud only for a certain reasons.
So we couldn't set manager for synced user if the manager is cloud only user.
Sure, we could use custom attributes, but we would leave it for last.
Any suggestions appreciated. -
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(288, 37%, 37%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EYS%3C/text%3E%3C/svg%3E)
Yaghubyan, Sargis 35 Reputation points2023-03-02T00:46:32.2466667+00:00 I am having the same issue.
After changing manager in on-prem AD it sync with AZ and changes the manager, but after 4-5 hrs. it changes back to the old manager.
It only happens to one user.
Any Idea why it might happen?