[I sent an email to askaadconnecthealth@microsoft.com with the below content a few days ago but haven't heard back so decided to start a conversation here]
As per the below synchronization errors email I have been receiving, there are three cloud-only Office 365 users with “Sign in blocked” that were previously synched using Azure AD Connect. The accounts were previously moved out of the sync OU and when they appeared as deleted users in Office 365, were restored to keep their data intact. The AD users have since been deleted and cannot be restored.
https://aad.portal.azure.com/#blade/Microsoft_Azure_ADHybridHealth/AadHealthMenuBlade/SyncErros
There are no further error details other than the type: dn-attributes-failure
There are no other sync errors and Azure AD Connect is showing success on all connector operations.
I do not want to delete these accounts from Office 365.
Could anyone please advise me to know which steps to take to resolve the issue causing these three accounts to be included in the report for synchronization errors? They are cloud-only and do not need to be synched with AD.
Is it necessary to re-create the AD users in the sync OU and set their Office 365 account ImmutableID to sync and match their AD account (source anchor is objectGUID) so they do not get reported as sync errors?
-----
From: Microsoft Azure [mailto:azure-noreply@microsoft.com]
Sent: 02 September 2019 11:10
Subject: We detected synchronization errors in your directory
There are synchronization errors in your directory.
|
