Odd Azure AD Connect Sync Issue

Occasional Visitor


We've just started the process of changing to Azure AD, so far, everything is going well, but I've got this one user that throws an error and won't sync from our on prem AD. 


The user isn't a global admin, and looking in the operations tab of the Sync Server Manager it shows two object ids - I've queried them against both on prem AD and Azure AD, however only the "objectIdInConflict" exists on AzureAD. 


I tried removing the users email address from their on prem AD account, which the sync then worked by creating a new Azure AD account with a random username. Because their existing account has mail in it, a new account isn't really an option if I can avoid it. 

I then re-added the email address to their on prem account, and removed the account with the random username and the sync once again fails. However as you can see by the included screenshot there doesn't actually appear to be an object that its conflicting with which has got me baffled. 


Can anyone offer any advice of what I can check? or is it possible to force object linking?





1 Reply



That screenshot isn't overly useful.


It might pay to check AAD Connect, specifically within the "Synchronization Service" Manager. I'd anticipate you'll find an error pertaining to this user's account in one of the synchronisation cycles (likely a DS, or Delta Sync, cycle).


My assumption from what you've written is that "mail" was nominated within the AAD Connect configuration manager as the joining attribute, which would explain why changing its value allowed you to progress - albeit in a not-so-useful manner.


If that assumption is accurate, then you would want to check for any on-premise duplications of that mail address through something like the following in PowerShell:


Get-ADObject -Filter { (mail -eq "problematicAddressHere@yourdomain.com") }


You can run into derived issues like conflicting proxyAddresses produced from the MOERA process but I'm just speculating again where it's probably prudent to start basic.