Azure Entra Cloud sync - User not synced to OnPremise Active Directory

admin 5 Reputation points
2024-02-08T01:50:09.18+00:00

Microsoft Entra ID to AD

Groups are getting synced but not the assigned users in the group. When syncing, I get the following message:

EntrySynchronizationSkip:

Result: Skipped

Description: The User 'xxxx' will be skipped due to the following reasons: 
1) This object is not assigned to the application. 
If you did not expect the object to be skipped,
assign the object to the application or change your scoping filter to allow all users
and groups to be in scope for provisioning. 
2) This object does not have required entitlement for provisioning.
If you did not expect the object to be skipped,
update provisioning scope to 'Sync all users and groups'
or assign the object to the application with entitlement of provisioning category 
3) This object did not pass a scoping filter. 
If you did not expect the object to be skipped, please review your scoping filters 
and ensure that the object passes your specified scoping criteria. 
The scope evaluation result is: {"On-prem Owned Users.dirSyncEnabled IS TRUE":false}

SkipReason: NotEffectivelyEntitled
IsActive: True
Assigned to the application: False   
IsInProvisioningScope: False
ScopeEvaluationResult: {"On-prem Owned Users.dirSyncEnabled IS TRUE":false}

2 answers

  1. Štor Vojtěch 5 Reputation points
    2024-04-03T18:52:10.0033333+00:00

    Hey, did someone get it working? When I am trying to sync groups with users, all users are skipped with description: Skipped

    Description: The User 'xxx' will be skipped due to the following reasons: 1) This object is not assigned to the application. If you did not expect the object to be skipped, assign the object to the application or change your scoping filter to allow all users and groups to be in scope for provisioning. 2) This object does not have required entitlement for provisioning. If you did not expect the object to be skipped, update provisioning scope to 'Sync all users and groups' or assign the object to the application with entitlement of provisioning category 3) This object did not pass a scoping filter. If you did not expect the object to be skipped, please review your scoping filters and ensure that the object passes your specified scoping criteria. The scope evaluation result is: {"On-prem Owned Users.dirSyncEnabled IS TRUE":false}

    SkipReason: NotEffectivelyEntitled
    IsActive: True
    Assigned to the application: False
    IsInProvisioningScope: False
    ScopeEvaluationResult: {"On-prem Owned Users.dirSyncEnabled IS TRUE":false}
    ReportableIdentifier: 227dcdf8-15fc-46c6-ac03-332eba1cb7fe

    And yes, I have read the documentation at https://learn.microsoft.com/en-us/entra/identity/hybrid/cloud-sync/how-to-configure-entra-to-active-directory
    and it is specified there that users/groups will be synced.

    1 person found this answer helpful.

  2. Givary-MSFT 32,986 Reputation points Microsoft Employee
    2024-03-01T08:51:09.6366667+00:00

    @admin Apologies for the delayed response. As I understand, you are exploring the preview feature of Entra ID to AD (preview), through which you are trying to perform user writeback from Entra ID to on-premises AD.

    Reviewed this documentation - https://learn.microsoft.com/en-us/entra/identity/hybrid/cloud-sync/how-to-configure-entra-to-active-directory - this feature has been provided to offer Group Provision (Group writeback) to Active Directory.

    Also, if you review the scoping section, only groups from Entra ID (cloud security groups) are provisioned to on-premise AD, not the users.

    Let me know if you have any further questions, feel free to post back.

    Please remember to "Accept Answer" if the answer helped, so that others in the community facing similar issues can easily find the solution.
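
An added example, not part of the original thread and not Microsoft tooling: a Python helper that reads skip details in the `Key: Value` form shown in the question and lists which conditions put the object out of scope, then counts them across many entries. The field names come from the log above; the function names and the sample entry are constructed for illustration.

```python
import json
from collections import Counter

# Constructed sample: the skip details from the question as "Key: Value" lines.
SAMPLE_ENTRY = """\
SkipReason: NotEffectivelyEntitled
IsActive: True
Assigned to the application: False
IsInProvisioningScope: False
ScopeEvaluationResult: {"On-prem Owned Users.dirSyncEnabled IS TRUE":false}
"""

def parse_skip_entry(text):
    """Turn 'Key: Value' lines into a dict, decoding booleans and the JSON scope result."""
    entry = {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")  # split on the first colon only
        key, value = key.strip(), value.strip()
        if not sep or not key:
            continue
        if key == "ScopeEvaluationResult":
            try:
                parsed = json.loads(value)
            except json.JSONDecodeError:
                parsed = None  # truncated or malformed export
            entry[key] = parsed if isinstance(parsed, dict) else {}
        elif value in ("True", "False"):
            entry[key] = value == "True"
        else:
            entry[key] = value
    return entry

def explain_skip(entry):
    """List the conditions in one entry that put the object out of scope."""
    findings = []
    if entry.get("Assigned to the application") is False:
        findings.append("not assigned to the application")
    if entry.get("IsInProvisioningScope") is False:
        findings.append("not in provisioning scope")
    for clause, passed in entry.get("ScopeEvaluationResult", {}).items():
        if passed is False:
            findings.append("failed scoping clause: " + clause)
    return findings

def summarize(entries):
    """Count findings across many skipped entries to show the dominant cause."""
    counts = Counter()
    for text in entries:
        counts.update(explain_skip(parse_skip_entry(text)))
    return dict(counts)
```

Run over an export of skipped entries, `summarize` shows whether the skips share one cause, such as the single failed scoping clause seen in this thread.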

