Some trouble syncing some users

Brass Contributor

We set up AAD a few weeks back and created an OU called ActiveSyncUsers.  We set it up such that if we add a user to that group, they will be sync'd.  So far so good.  We created some new users, and they sync fine.  Some of our existing users also worked fine.

However, today we started running into some of our OLDER existing users that are getting the following:


Hello itsupport@domain.com, You can troubleshoot this issue by running the Directory Synchronization troubleshooter on the server that has Azure Active Directory identity synchronization tools installed.

The Identity synchronization tool batch run was completed on Tuesday, 25 September 2018 20:30:20 GMT for directory IMS [.onmicrosoft.com]. The following errors occurred during synchronization:

Identity

Error Description

sourceAnchor

user@domain.com

Unable to update this object because the following attributes associated with this object have values that may already be associated with another object in your local directory services: [UserPrincipalName user@domain.com;]. Correct or remove the duplicate values in your local directory. Please refer to http://support.microsoft.com/kb/2647098 for more information on identifying objects with duplicate attribute values.

blablahblah

 

 

 


I am a little perplexed as to what this is actually telling me.  So the user does exist in the AD, and he does have a cloud account.  It APPEARS that dirsync sees this as a collision, and isn't MERGING the accounts?

5 Replies

Hi Todd,

 

Have you identified which object has the duplicate value? It can be someone having the same value in email address or proxyAddresses attributes.

No I haven’t. The user in 365 has an SMTP address of user@domain.com

That is the UPN for the user in AD. That is the closest thing I can find to a duplicate?

There are no other users with this address is 365.

I canny find the record that it is considering a duplicate?

Also, if I run IDFIX, nothing comes up as erroneous.  I expected to see DUPLICATE show up in light of this warning, but nothing comes up.

The steps here will depend on few factors, such as the status of the Duplicate Attribute Resiliency feature. In other words, follow the instructions in this article: https://docs.microsoft.com/en-us/azure/active-directory/hybrid/how-to-connect-syncservice-duplicate-...

Hi,

 

In addition to the article Duplicate or invalid attributes prevent directory synchronization in Office 365

 

You need to review your AD Sync configuration and make sure that you've don't have any other object that using for this user, for example, it can be object that is using ObjectGUID as the anchor attribute an and not email address.

Also, make sure that you don't have secondary value for another object such as a deleted object, disable object or even smtp for a secondary object.

Eli.