Solved: CSV Import fails - Cannot modify synced user

Steve Baker · ‎09-11-2018

I am trying to update some of our user information by importing a CSV file. All of our users are currently synced from active directory but it is set not to pull phone numbers. I need to import phone numbers for some users via csv. Whenever I try to do this though I get the error message Cannot modify synced user “username”.

Does anyone know what might be causing this?

Thanks
Steve

DuoKristina · ‎09-12-2018

As @glark mentioned, you cannot modify attributes of a synced user using CSV import.

Try this:

Go to your directory sync config page in the Admin Panel.
Check the box to import phones.
Enter the names of the AD attribute(s) that hold phone information if you’re using something other than the default values.
Perform a sync.

The phones will be imported into Duo and attached to those users.

ETA it sounds like you don’t have the phone info you’d want in Duo consistently populated in your directory? So that approach may not work for you.

If that’s the case. You can try this:

Delete the synced directory from Duo. All the synced users become regular users (none will be deleted).
Use CSV import to add the phones you want to these users. Import will work because they’re no longer managed by directory sync.
Recreate your directory sync using the exact same config as before (don’t check the box to import phones).
When you run the sync it will take over managing the users again, but leave the phones you created via import alone.

Duo, not DUO.

View solution in original post

glark · ‎09-11-2018

As best as I understand you can’t modify most of a synced user’s information (see here: Directory Sync - Troubleshooting and FAQ | Duo Security It sounds like you may be able to add additional phones though (have you tried adding the phone number as like phone 2 or phone 4 by chance?). I’m also pretty interested to see if this works, as we are rapidly heading towards AD integration.

Edit: Actually after reading a little further, you might be able to if sync phones option is disabled, so you may want to check that as well~

Steve Baker · ‎09-12-2018

Thanks for the reply. I’ve not tried adding it as phone 2 or 3 etc. yet so I will give that a try. What I find strange is that I can manually add a phone for an AD synced user but the same operation doesn’t work from CSV.

We have sync phones turned off already for our AD sync. We found that whatever is in AD will override anything you have in Duo, If the mobile phone field in AD is blank it will delete the mobile phone number in Duo. As we’ve got a mix of corporate and personal phones not all are listed in AD so we couldn’t use this feature.

DuoKristina · ‎09-12-2018