Skip to main content

Error - AttributeValueMustBeUnique in Azure AD connect sync



My customer had already created accounts in office 365 and managing them in Azure, however due to some changes in business they wanted to sync AD with Azure to sync Password and Manage Identity form AD.

 Solution - Deploy Azure AD connect on ADDC, and post that it will do a Soft Match.

 However there were error with some users, their identities did not sync and their status still reflected as Azure AD.

 Error - 

 Unable to update this object because the following attributes associated with this object have values that may already be associated with another object in your local directory services: [ProxyAddresses SMTP:user@domain.com;].  Correct or remove the duplicate values in your local directory.  Please refer to http://support.microsoft.com/kb/2647098 for more information on identifying objects with duplicate attribute values.

 Tracking Id: b8367c95-ae67-46e1-xxxx-xxxxxxxxxx
ExtraErrorDetails:
[{"Key":"ObjectId","Value":["cd088468-bb6a-40f9-xxxx-xxxxxxxxxx"]},{"Key":"ObjectIdInConflict","Value":["d7e8405c-54d5-41c6-xxxx-xxxxxxxxxxx"]},{"Key":"AttributeConflictName","Value":["ProxyAddresses"]},{"Key":"AttributeConflictValues","Value":["SMTP:user@domain.com"]}]


 I tried to do a Hard match following the article - https://blogs.technet.microsoft.com/praveenkumar/2014/04/11/how-to-do-hard-match-in-dirsync/ 

 This did not helped 

 From the Azure AD connect health wizard took Object ID of On-Prim AD  and tried to Map it against the Azure user 

 Set-MsolUser -UserPrincipalName user@domain.com -objectId "1xxxxxxxxxxxxxxxxx=="

 Ran the Azure AD connect sync - Did not helped
From the same place (AAD connect health page took Source Anchor
of AD object and Tried to map it 

 Set-MsolUser -UserPrincipalName user@domain.com -ImmutableId "1xxxxxxxxxxxxxxxxx=="

 This time it was successful 

Comments

Post a Comment

Popular posts from this blog

Error - QuarantinedAttributeValueMustBeUnique

Case History. 1. Client already had users created in office 365 2. Client wanted to setup SSO for office 365 users Approach for requirement fullfilment   1. Deployed and configured Azure AD connect      95% users were synced and soft match was successfully done  5% users were getting error - QuarantinedAttributeValueMustBeUnique  (to view the sync issues -  https://aad.portal.azure.com/#blade/Microsoft_Azure_ADHybridHealth/AadHealthMenuBlade/SyncErros )  When we checked 2 users were found under Active users  1. one in Cloud (this was created earlier/ already existed ) with active licenses and Mailbox 2. one unlicensed synced with AD Solution - 1. Delete the unwanted user in Azure or AD as per this document.  https://blogs.msdn.microsoft.com/hkong/2017/03/23/how-to-fix-attributevaluemustbeunique-error-message-when-trying-to-sync-an-object-from-on-premises-active-directory-to-office-365/ ...
Post a Comment
Read more

Recover Deleted items in Exchange online (Microsoft office 365)

  In Exchange online we provide 3 layers of Recovery so that messages can be recovered Deleted Items Folder Recover Deleted Items Folder Purges Folder     Deleted Items Folder When a mail is deleted(normal Delete not shift Delete) its moved to Deleted Items folder and its present there until, either we manually delete the messages from there or its deleted automatically as per the Retention Policy of the Organization(default value is 30 days)   Recover Deleted Items Folder   When a mail is Shift deleted(hard deleted), or deleted from Deleted items or removed from deleted items by the Retention policy, its moved to the Recover Deleted Items Folder and it remains there for next 14 days (can be extended to 30 days).   There are 2 folders under Recovery Deleted Items Deleted Folder(its not the normal Deleted folder in the mailbox) Purges Folder    When the mail is present in R...
1 comment
Read more