Home

Having Soft Match Problem with Azure AD Connect

%3CLINGO-SUB%20id%3D%22lingo-sub-275796%22%20slang%3D%22en-US%22%3EHaving%20Soft%20Match%20Problem%20with%20Azure%20AD%20Connect%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-275796%22%20slang%3D%22en-US%22%3E%3CP%3EHey%20guys%2C%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EI'm%20really%20stuck%20so%20I'm%20reaching%20out%20for%20a%20little%20help.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EI%20am%20trying%20to%20setup%20Azure%20AD%20connect%20on%20my%20AD%20and%20O%20365%20environment%2C%20but%20am%20having%20a%20huge%20problem.%20I%20have%20existing%20accounts%20on%20office365%20and%20want%20to%20match%20them%20with%20AD%20accounts.%20I%20have%20researched%20%22Soft%20Matches%22%20and%20attempted%20to%20match%20the%20UPN%20and%20ProxyAddress%20or%20Email%20to%20no%20luck.%20I%20just%20get%20Dirsync%20errors%20saying%20I%20have%20duplicated%20userprincipale%20name%20and%20duplicate%20proxy%20addresses.%20Isn't%20the%20whole%20point%20of%20soft%20matching%20is%20that%20they%20should%20be%20the%20same%3F%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EI%20made%20sure%20EnableSoftMatchOnUpn%20was%20enabled.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EThanks!%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-LABS%20id%3D%22lingo-labs-275796%22%20slang%3D%22en-US%22%3E%3CLINGO-LABEL%3EAzure%20AD%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3EOffice%20365%3C%2FLINGO-LABEL%3E%3C%2FLINGO-LABS%3E%3CLINGO-SUB%20id%3D%22lingo-sub-275840%22%20slang%3D%22en-US%22%3ERe%3A%20Having%20Soft%20Match%20Problem%20with%20Azure%20AD%20Connect%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-275840%22%20slang%3D%22en-US%22%3EPlease%20try%20to%20sync%20another%20account%20instead!%20Either%20create%20one%20on%20each%20side%20or%20try%20an%20existing%20one%20Which%20lives%20on%20both%20sides%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-275836%22%20slang%3D%22en-US%22%3ERe%3A%20Having%20Soft%20Match%20Problem%20with%20Azure%20AD%20Connect%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-275836%22%20slang%3D%22en-US%22%3E%3CP%3EHey%20Adam%2C%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EThanks%20for%20the%20quick%20reply.%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EThe%20STMP%20and%20UPN's%20are%20exactly%20the%20same.%20I'm%20only%20testing%20this%20feature%20with%20one%20account%20at%20the%20moment%20before%20I%20take%20it%20organization%20wide.%20I%20deleted%20all%20the%20aliases%20from%20the%20profile%20while%20troubleshooting.%20I%20checked%20the%20event%20viewer%20but%20did%20not%20see%20any%20events.%20I%20deleted%20my%20office365%20account%20and%20ran%20a%20sync%20again%20and%20it%20created%20a%20new%20one%20and%20worked%20correctly%2C%20but%20I%20already%20have%20an%20organization%20with%20established%20office365%20accounts%20and%20data%20and%20would%20hate%20to%20have%20to%20delete%20all%20of%20them%20just%20to%20have%20to%20transfer%20over%20the%20data.%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EI%20checked%20the%20article%20you%20sent%2C%20and%20it%20suggests%20that%20I%20try%20soft%20matching%20which%20I'm%20not%20able%20to%20get%20working.%20I%20will%20try%20hard%20matching%20though%2C%20I%20read%20you%20have%20to%20manually%20convert%20the%20GUID%20though%20so%20it%20seems%20troublesome%20for%20an%20entire%20organization%20to%20be%20synced.%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-275810%22%20slang%3D%22en-US%22%3ERe%3A%20Having%20Soft%20Match%20Problem%20with%20Azure%20AD%20Connect%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-275810%22%20slang%3D%22en-US%22%3EHi!%3CBR%20%2F%3EYes%20adconnect%20should%20do%20a%20soft%20match%20in%20this%20case!%3CBR%20%2F%3EDo%20the%20smtp%20addresses%20and%20UPN%20addresses%20really%20match%20exactly%3F%3CBR%20%2F%3EDo%20all%20users%20who%20exist%20in%20cloud%20fail%20to%20match%20from%20on-premises%3F%3F%3CBR%20%2F%3EHave%20any%20users%20been%20sync%20before%3F%3CBR%20%2F%3EHave%20you%20checked%20so%20there%20is%20not%20any%20mail%20aliases%20that%20conflicting%3F%3CBR%20%2F%3EChecked%20the%20info%20in%20the%20synchronization%20manager%20or%20event%20viewer%20for%20more%20information%3F%3CBR%20%2F%3E%3CBR%20%2F%3EPlease%20read%20this%20also%3A%3CBR%20%2F%3E%3CA%20href%3D%22https%3A%2F%2Fsupport.microsoft.com%2Fen-us%2Fhelp%2F2647098%2Fduplicate-or-invalid-attributes-prevent-directory-synchronization-in-o%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%20noopener%20noreferrer%22%3Ehttps%3A%2F%2Fsupport.microsoft.com%2Fen-us%2Fhelp%2F2647098%2Fduplicate-or-invalid-attributes-prevent-directory-synchronization-in-o%3C%2FA%3E%3CBR%20%2F%3E%3CBR%20%2F%3EIf%20for%20some%20reason%20it%20doesn%E2%80%99t%20work%20you%20could%20do%20a%20hard%20match%20instead%20on%20the%20immutableID%20but%20this%20must%20be%20populated%3CBR%20%2F%3EThere%20are%20lot%20of%20documentation%20about%20this%3CBR%20%2F%3E%3CBR%20%2F%3ECheers%20adam%3CBR%20%2F%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-275808%22%20slang%3D%22en-US%22%3ERe%3A%20Having%20Soft%20Match%20Problem%20with%20Azure%20AD%20Connect%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-275808%22%20slang%3D%22en-US%22%3EHi!%20Yes%20adconnect%20should%20do%20a%20soft%20match%20in%20this%20case!%20Do%20the%20smtp%20addresses%20and%20UPN%20addresses%20really%20match%20exactly%3F%3CBR%20%2F%3EDo%20all%20users%20who%20exist%20in%20cloud%20fail%20to%20match%20from%20on-premises%3F%3F%3CBR%20%2F%3EHave%20any%20users%20been%20sync%20before%3F%3CBR%20%2F%3EHave%20you%20checked%20so%20there%20is%20not%20any%20mail%20aliases%20that%20conflicting%3F%3CBR%20%2F%3EChecked%20the%20info%20in%20the%20synchronization%20manager%20or%20event%20viewer%20for%20more%20information%3F%3CBR%20%2F%3EPlease%20read%20this%20also%3A%3CBR%20%2F%3E%3CA%20href%3D%22https%3A%2F%2Fsupport.microsoft.com%2Fen-us%2Fhelp%2F2647098%2Fduplicate-or-invalid-attributes-prevent-directory-synchronization-in-o%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%20noopener%20noreferrer%22%3Ehttps%3A%2F%2Fsupport.microsoft.com%2Fen-us%2Fhelp%2F2647098%2Fduplicate-or-invalid-attributes-prevent-directory-synchronization-in-o%3C%2FA%3E%3CBR%20%2F%3E%3CBR%20%2F%3EIf%20for%20some%20reason%20it%20doesn%E2%80%99t%20work%20you%20could%20do%20a%20hard%20match%20instead%20on%20the%20immutableID%20but%20this%20must%20be%20populated%3CBR%20%2F%3EThere%20are%20lot%20of%20documentation%20about%20this%3CBR%20%2F%3E%3CBR%20%2F%3ECheers%20adam%3CBR%20%2F%3E%3C%2FLINGO-BODY%3E
BGC Admin
New Contributor

Hey guys,

 

I'm really stuck so I'm reaching out for a little help.

 

I am trying to setup Azure AD connect on my AD and O 365 environment, but am having a huge problem. I have existing accounts on office365 and want to match them with AD accounts. I have researched "Soft Matches" and attempted to match the UPN and ProxyAddress or Email to no luck. I just get Dirsync errors saying I have duplicated userprincipale name and duplicate proxy addresses. Isn't the whole point of soft matching is that they should be the same?

 

I made sure EnableSoftMatchOnUpn was enabled.

 

Thanks! 

4 Replies
Hi! Yes adconnect should do a soft match in this case! Do the smtp addresses and UPN addresses really match exactly?
Do all users who exist in cloud fail to match from on-premises??
Have any users been sync before?
Have you checked so there is not any mail aliases that conflicting?
Checked the info in the synchronization manager or event viewer for more information?
Please read this also:
https://support.microsoft.com/en-us/help/2647098/duplicate-or-invalid-attributes-prevent-directory-s...

If for some reason it doesn’t work you could do a hard match instead on the immutableID but this must be populated
There are lot of documentation about this

Cheers adam
Hi!
Yes adconnect should do a soft match in this case!
Do the smtp addresses and UPN addresses really match exactly?
Do all users who exist in cloud fail to match from on-premises??
Have any users been sync before?
Have you checked so there is not any mail aliases that conflicting?
Checked the info in the synchronization manager or event viewer for more information?

Please read this also:
https://support.microsoft.com/en-us/help/2647098/duplicate-or-invalid-attributes-prevent-directory-s...

If for some reason it doesn’t work you could do a hard match instead on the immutableID but this must be populated
There are lot of documentation about this

Cheers adam

Hey Adam,

 

Thanks for the quick reply. 

 

The STMP and UPN's are exactly the same. I'm only testing this feature with one account at the moment before I take it organization wide. I deleted all the aliases from the profile while troubleshooting. I checked the event viewer but did not see any events. I deleted my office365 account and ran a sync again and it created a new one and worked correctly, but I already have an organization with established office365 accounts and data and would hate to have to delete all of them just to have to transfer over the data. 

 

I checked the article you sent, and it suggests that I try soft matching which I'm not able to get working. I will try hard matching though, I read you have to manually convert the GUID though so it seems troublesome for an entire organization to be synced. 

Please try to sync another account instead! Either create one on each side or try an existing one Which lives on both sides
Related Conversations
Stable version of Edge insider browser
HotCakeX in Discussions on
35 Replies
Tabs and Dark Mode
cjc2112 in Discussions on
30 Replies
Security Community Webinars
Valon_Kolica in Security, Privacy & Compliance on
7 Replies
flashing a white screen while open new tab
Deleted in Discussions on
14 Replies