Forum Discussion
Todd Purifoy
Sep 25, 2018Copper Contributor
Some trouble syncing some users
We set up AAD a few weeks back and created an OU called ActiveSyncUsers. We set it up such that if we add a user to that group, they will be sync'd. So far so good. We created some new users, and they sync fine. Some of our existing users also worked fine.
However, today we started running into some of our OLDER existing users that are getting the following:
Hello itsupport@domain.com, You can troubleshoot this issue by running the Directory Synchronization troubleshooter on the server that has Azure Active Directory identity synchronization tools installed.
The Identity synchronization tool batch run was completed on Tuesday, 25 September 2018 20:30:20 GMT for directory IMS [.onmicrosoft.com]. The following errors occurred during synchronization:
Identity | Error Description | sourceAnchor |
Unable to update this object because the following attributes associated with this object have values that may already be associated with another object in your local directory services: [UserPrincipalName user@domain.com;]. Correct or remove the duplicate values in your local directory. Please refer to http://support.microsoft.com/kb/2647098 for more information on identifying objects with duplicate attribute values. | blablahblah | |
|
|
|
I am a little perplexed as to what this is actually telling me. So the user does exist in the AD, and he does have a cloud account. It APPEARS that dirsync sees this as a collision, and isn't MERGING the accounts?
5 Replies
Sort By
Hi,
In addition to the article Duplicate or invalid attributes prevent directory synchronization in Office 365
You need to review your AD Sync configuration and make sure that you've don't have any other object that using for this user, for example, it can be object that is using ObjectGUID as the anchor attribute an and not email address.
Also, make sure that you don't have secondary value for another object such as a deleted object, disable object or even smtp for a secondary object.
Eli.
Hi Todd,
Have you identified which object has the duplicate value? It can be someone having the same value in email address or proxyAddresses attributes.
- Todd PurifoyCopper Contributor
Also, if I run IDFIX, nothing comes up as erroneous. I expected to see DUPLICATE show up in light of this warning, but nothing comes up.
The steps here will depend on few factors, such as the status of the Duplicate Attribute Resiliency feature. In other words, follow the instructions in this article: https://docs.microsoft.com/en-us/azure/active-directory/hybrid/how-to-connect-syncservice-duplicate-attribute-resiliency
- Todd PurifoyCopper ContributorNo I haven’t. The user in 365 has an SMTP address of user@domain.com
That is the UPN for the user in AD. That is the closest thing I can find to a duplicate?
There are no other users with this address is 365.
I canny find the record that it is considering a duplicate?