Having Soft Match Problem with Azure AD Connect

Hey guys,

I'm really stuck so I'm reaching out for a little help.

I am trying to set up Azure AD Connect on my AD and Office 365 environment, but am having a huge problem. I have existing accounts on Office 365 and want to match them with AD accounts. I have researched "Soft Matches" and attempted to match the UPN and ProxyAddress or Email with no luck. I just get DirSync errors saying I have a duplicate userPrincipalName and duplicate proxy addresses. Isn't the whole point of soft matching that they should be the same?

I made sure EnableSoftMatchOnUpn was enabled.

Thanks!

6 Replies
Hi!
Yes, AD Connect should do a soft match in this case!
Do the SMTP addresses and UPN addresses really match exactly?
Do all users who exist in the cloud fail to match from on-premises?
Have any users been synced before?
Have you checked that there aren't any mail aliases that conflict?
Have you checked the info in the Synchronization Manager or Event Viewer for more information?

Please read this also:
https://support.microsoft.com/en-us/help/2647098/duplicate-or-invalid-attributes-prevent-directory-s...

If for some reason it doesn’t work, you could do a hard match instead on the immutableID, but this must be populated.
There is a lot of documentation about this.

Cheers, Adam

Hey Adam,

Thanks for the quick reply.

The SMTP addresses and UPNs are exactly the same. I'm only testing this feature with one account at the moment before I take it organization-wide. I deleted all the aliases from the profile while troubleshooting. I checked the Event Viewer but did not see any events. I deleted my Office 365 account and ran a sync again and it created a new one and worked correctly, but I already have an organization with established Office 365 accounts and data and would hate to have to delete all of them just to have to transfer over the data.

I checked the article you sent, and it suggests that I try soft matching, which I'm not able to get working. I will try hard matching though. I read you have to manually convert the GUID, so it seems troublesome for an entire organization to be synced.
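
The GUID conversion mentioned in the post above, done in bulk rather than by hand, as an added example that is not part of the original thread. It assumes the on-premises objectGUID is the source anchor; the function names and the sample rows are constructed for illustration.

```powershell
# Added example (not from the thread). Sample rows are constructed; in a real
# environment they would come from an AD export such as
# Get-ADUser -Filter * -Properties objectGUID.

function ConvertTo-ImmutableId {
    param([Parameter(Mandatory)][guid]$ObjectGuid)
    # ToByteArray() yields the mixed-endian byte layout AD stores in objectGUID.
    # Base64 of those 16 bytes is the ImmutableID (assumption: objectGUID is
    # the source anchor in this deployment).
    [Convert]::ToBase64String($ObjectGuid.ToByteArray())
}

function ConvertFrom-ImmutableId {
    param([Parameter(Mandatory)][string]$ImmutableId)
    $bytes = [Convert]::FromBase64String($ImmutableId)
    if ($bytes.Length -ne 16) {
        throw "ImmutableID '$ImmutableId' does not decode to a 16-byte GUID"
    }
    [guid]$bytes
}

# Constructed sample export: one row per on-premises user.
$export = @'
UserPrincipalName,ObjectGuid
alice@example.com,3f2504e0-4f89-11d3-9a0c-0305e82c3301
bob@example.com,0f8fad5b-d9cb-469f-a165-70867728950e
'@ | ConvertFrom-Csv

# Build the UPN -> ImmutableID mapping and verify each value decodes back to
# the same GUID, which catches byte-order mistakes before anything is written.
$mapping = foreach ($row in $export) {
    $id = ConvertTo-ImmutableId -ObjectGuid $row.ObjectGuid
    [pscustomobject]@{
        UserPrincipalName = $row.UserPrincipalName
        ImmutableId       = $id
        RoundTripOk       = (ConvertFrom-ImmutableId $id) -eq [guid]$row.ObjectGuid
    }
}

$mapping | Format-Table -AutoSize
```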

Please try to sync another account instead! Either create one on each side or try an existing one which lives on both sides.

@BGC Admin

Hi there

I'm facing the same troubles as you did. I'm in migration preparation to sync local AD with Azure AD.

Could you tell me how you solved the issue?

Brano

@Sklad_Turbinova

I realized that my conflicts in synchronization were caused by user objects in Deleted users. Once I hard deleted them, synchronization did not detect any other issues and has worked well since then.

BR, Brano