During the execution of a Directory Sync Workflow, the following error appears in the job log or task details:
SetAzureADUserThumbnailPhoto: Error setting properties.
This error is being returned by Microsoft, not by the ODM tool and occurs when ODM attempts to update the Azure AD (Entra ID) user’s thumbnail photo but lacks the required permissions or encounters invalid photo data.
1. Verify Graph API permissions
a. In the target tenant, open Entra ID → App registrations → Quest On Demand Migration.
b. Under Permissions, confirm the following entries exist:
c. If missing, add these permissions.
2. If this attribute isn’t required, it can be simply removed from the mapping in the template. However, if it’s a mandatory attribute, it's recommended to attempt to set it using Microsoft Graph API to help identify any potential issues within the tenant configuration.
