AD/Internal Hybrid User contact info not updating from AD

Need some help on AD/Internal Hybrid user source.

I cannot get some user source contact info to update from AD.
The user's SMS-nr is used to send SMS-alarms, so it is vital that updating in the AD takes effect in the User Source.

SETUP
User Source
Type: AD/Internal Hybrid
Failover source: None
List Users from Active Directory: T (Active Directory will be queried for the list of all users).
Populate Users On-Demand: T (user record will be created in the Internal Database from the AD entry of any user who successfully authenticates into AD if the record does not already exist in the Internal Database at the time of authentication.)
SMS Attribute: mobile (Only used during initial user creation when populate users on-demand feature is enabled).

AD
The AD has the phone numbers in the 'Mobile' Attribute field.

DEBUGGING
A specific user causing problems did not have any phone number in the AD when the User Source was "set up" the first time.
Tried disabling "Populate Users On-Demand" and creating the "SMS" contact info manually (with some dummy nr) - the AD value does not update.

Also tried on my personal user as well, changing my number in Ignition User Source, it does not update "back".

Ignition connects to AD without errors (UserSource.AD_Internal_Hybrid):

Having a hard time finding how the contact info is
Any ideas on next actions?

BR
/David

Ignition doesn't send anything back to AD, ever, whether hybrid or not.

With the hybrid, all contact info, and roles, and any other aux info must be maintained in Ignition after initial user copy.

Excellent clear answer, thank you Phil!

So is a second pure AD user source for the users in my roster my solution here?
/David

I don't have much experience configuring it (I let my clients handle their own Microsoft management actions), but I usually see regular AD user sources deployed with soft fallback to an internal user source. Not hybrids.

I recommend setting up a soft failover to Ignition's Default user source and leaving the Administrator user set up there. That way, if you ever mess up the AD settings and lock yourself out you can get in to fix it.

Thanks for the tip!
We have separate admin user accounts residing in the default provider, should that happen. But I'll make a mental note, think it could solve some issues I have when running a backup in a Docker container....