Office 365 provisioning flow fails with the following error visible in the Okta dashboard:
Could not create user <username> in Office 365, received error: Unable to provision user <username> to Office 365, because 'Directory Sync' value of Disabled in Azure Active Directory is unsupported. Please visit the Azure Active Directory portal and set 'Directory Sync' state to Activated and retry.
- Office 365
- Provisioning
- Error
To enable Directory Sync in Azure AD, perform the steps mentioned in the documentation:
- Install v1.0 and beta Microsoft Graph PowerShell modules.
    Install-Module Microsoft.Graph -Force
    Install-Module Microsoft.Graph.Beta -AllowClobber -Force
- Connect with the Microsoft Hybrid Identity Administrator account.
    Connect-MgGraph -Scopes "Organization.ReadWrite.All","Directory.ReadWrite.All"
- Verify the status of the DirSync type.
    Get-MgOrganization | Select OnPremisesSyncEnabled
- Store the tenant ID in a variable named organizationId.
    $organizationId = (Get-MgOrganization).Id
- Store the true value for the DirSyncEnabled attribute.
    $params = @{onPremisesSyncEnabled = $true}
- Perform the update.
    Update-MgOrganization -OrganizationId $organizationId -BodyParameter $params
- Verify the command.
    Get-MgOrganization | Select OnPremisesSyncEnabled
NOTE:
- Before running any PowerShell command, please carefully review the command and the current Office 365 integration configuration. It is also recommended to review Microsoft's PowerShell documentation to understand the command functionality and proper usage.
- Directory Sync can be enabled in AAD, but it cannot be used in conjunction with AADConnect, DirSync, or AADSync while Okta uses User Sync or Universal Sync.
- Retry the failed tasks after Directory Sync is enabled in Office 365. If Microsoft reports the error, please contact Microsoft Support for further troubleshooting.
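
The steps above combined into one guarded script, as an added example (not Okta's or Microsoft's own code). It uses only the cmdlets shown in the steps plus Get-MgContext and Disconnect-MgGraph, and assumes the Microsoft.Graph modules are already installed:

```powershell
# Added example: enable Directory Sync only if it is not already enabled,
# and fail loudly if the change did not take effect.
$ErrorActionPreference = 'Stop'

# Scopes as listed in the Connect-MgGraph step of the article.
Connect-MgGraph -Scopes "Organization.ReadWrite.All","Directory.ReadWrite.All"

try {
    # Confirm which account and tenant this session is bound to before a tenant-wide change.
    $ctx = Get-MgContext
    Write-Host "Signed in as $($ctx.Account) to tenant $($ctx.TenantId)"

    $org = Get-MgOrganization
    if (@($org).Count -ne 1) {
        throw "Expected exactly one organization object, got $(@($org).Count)."
    }

    # Record the starting value; it can be $null on a tenant that has never synced.
    $before = $org.OnPremisesSyncEnabled
    $shown  = if ($null -eq $before) { '<null>' } else { $before }
    Write-Host "OnPremisesSyncEnabled before change: $shown"

    if ($before -eq $true) {
        Write-Host "Directory Sync is already activated; nothing to update."
    }
    else {
        $params = @{ onPremisesSyncEnabled = $true }
        Update-MgOrganization -OrganizationId $org.Id -BodyParameter $params

        # Re-read the organization object instead of trusting the update call.
        $after = (Get-MgOrganization).OnPremisesSyncEnabled
        if ($after -ne $true) {
            throw "Update returned but OnPremisesSyncEnabled is '$after'."
        }
        Write-Host "OnPremisesSyncEnabled after change: $after"
    }
}
finally {
    # End the Graph session so the write scopes do not stay active in this shell.
    Disconnect-MgGraph | Out-Null
}
```

The "before" value written to the console is the state to restore if the change has to be reverted.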
