Mobile number not syncing via AAD Connect

Mobile number not syncing via AAD Connect

Very brief observation from us today.

A customer complained that the mobile attribute was not syncing from their local Active Directory to Office 365/Azure Active Directory – even though AAD Connect was reporting the attribute changes….

It turns out, that this is one of the only attributes editable directly on Azure Active Directory / Office 365  which users can update. See here how it’s the only attribute available for edit.

Once they do update it directly, On-Premises Active Directory is no longer the authoritative source; Azure Active Directory / Office 365 is.

There is currently no way to reverse that.  The users who have made the change will need to update their mobile number directly in O365 going forward. All others users who haven’t done this will continue to have local AD as the authoritative source synced through AADC (Azure AD Connect sync).

 

The mobile attribute does differ to the mobile number specified for MFA in the AlternateMobilePhones attribute, which is not visible in the GAL. Previously there were some problems in O365 where registering for MFA updated both the mobile and AlternateMobilePhones attributes, but that has been resolved now.

 

UPDATE:- 2nd November 2018

I did create a support case and I was told the following

“This is <name removed> from Microsoft Online support. I checked your request as well as the blog. That is correct unfortunately, it is a bug and we don’t have a fix for it. I simulate this situation, check it on my knowledge base and confirming it. Unfortunately, I cannot tell you when it going to be resolved but I’ll report it and I’m pretty sure it will be resolved soon.”

I was also asked to create a user voice entry; so here it is if you want to add any weight.

https://feedback.azure.com/forums/34192–general-feedback/suggestions/35890825-aad-sync-make-mobile-attribute-authoritative-agai

If you want this behaviour reversed while we keep an eye on the defects fixed in the next releases of AAD Connect, you’ll need to log a call with Microsoft AAD support for them to change permissions for the attribute their side. You can provide Microsoft a list of accounts to perform this on. Unfortunately, if this is corrected for a user, and they then subsequently change the mobile attibute once again, you’ll need to create a fresh support ticket.