Error - QuarantinedAttributeValueMustBeUnique
Case History.
1. The client already had users created in Office 365
2. The client wanted to set up SSO for Office 365 users
Approach for requirement fulfilment
1. Deployed and configured Azure AD Connect
95% of users were synced and the soft match completed successfully
5% of users were getting the error QuarantinedAttributeValueMustBeUnique
(to view the sync issues - https://aad.portal.azure.com/#blade/Microsoft_Azure_ADHybridHealth/AadHealthMenuBlade/SyncErros)
When we checked, 2 users were found under Active users:
1. One in the cloud (created earlier / already existed) with active licenses and a mailbox
2. One unlicensed, synced with AD
Solution -
1. Delete the unwanted user in Azure or AD as per this document: https://blogs.msdn.microsoft.com/hkong/2017/03/23/how-to-fix-attributevaluemustbeunique-error-message-when-trying-to-sync-an-object-from-on-premises-active-directory-to-office-365/
But if we delete the user in Azure we will lose the email data, and if we delete the user in AD we will lose the profile on the system.
Considering the above, and in order to retain both the data and the profile, we resolved it using another workaround:
- Created an OU in AD, “Non o365 sync”
- Edited the Azure AD Connect configuration and stopped the above-mentioned OU from syncing with Azure
- Moved the users to this OU
- This deleted the users in Office 365 that were unlicensed and syncing with AD
- Deleted the user from the Office 365 recycle bin
- Edited the users' UPN in AD and moved them back to the “Users” OU
- Synced the users; in Office 365 the identities were mapped
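The workaround above as a PowerShell sketch with a guard so that only the unlicensed synced duplicate is ever purged, never the licensed mailbox account. This is an added example, not part of the original post. It assumes the ActiveDirectory, ADSync and Microsoft Graph PowerShell modules, that the “Non o365 sync” OU is already excluded in Azure AD Connect, and constructed placeholder values for the domain, account name and UPN.

```powershell
# Added example; all sample values are constructed placeholders.
# Run on the Azure AD Connect server after "Non o365 sync" is excluded from sync.
Import-Module ActiveDirectory, ADSync
Connect-MgGraph -Scopes 'User.ReadWrite.All'

$DomainDn  = 'DC=example,DC=com'            # placeholder domain
$HoldingOu = "OU=Non o365 sync,$DomainDn"
$UsersPath = "CN=Users,$DomainDn"           # assumption: default Users container; adjust if it is an OU
$Users = @(                                 # constructed sample input
    @{ Sam = 'jdoe'; NewUpn = 'john.doe@example.com' }   # NewUpn = value the UPN edit should set
)

function Wait-SyncCycle {
    Start-ADSyncSyncCycle -PolicyType Delta | Out-Null
    Start-Sleep -Seconds 10
    while ((Get-ADSyncScheduler).SyncCycleInProgress) { Start-Sleep -Seconds 10 }
}

# 1. Move only accounts whose synced cloud duplicate is confirmed unlicensed.
$moved = foreach ($u in $Users) {
    $ad     = Get-ADUser -Identity $u.Sam
    # Assumption: the sourceAnchor is derived from objectGUID (Azure AD Connect default).
    $anchor = [Convert]::ToBase64String($ad.ObjectGUID.ToByteArray())
    $dup    = Get-MgUser -Filter "onPremisesImmutableId eq '$anchor'" `
                  -Property Id, UserPrincipalName, AssignedLicenses
    if (-not $dup -or $dup.AssignedLicenses.Count -gt 0) {
        Write-Warning "$($u.Sam): no unlicensed synced duplicate found, skipping"
        continue
    }
    Move-ADObject -Identity $ad.DistinguishedName -TargetPath $HoldingOu
    [pscustomobject]@{ Sam = $u.Sam; NewUpn = $u.NewUpn; CloudId = $dup.Id }
}
Wait-SyncCycle   # the duplicates are now soft-deleted in Office 365

# 2. Purge exactly the recorded object IDs from the recycle bin, nothing else.
foreach ($m in $moved) {
    if (Get-MgDirectoryDeletedItemAsUser -DirectoryObjectId $m.CloudId -ErrorAction SilentlyContinue) {
        Remove-MgDirectoryDeletedItem -DirectoryObjectId $m.CloudId
    }
}

# 3. Correct the UPN, move the account back, and sync again.
foreach ($m in $moved) {
    $ad = Get-ADUser -Identity $m.Sam
    Set-ADUser -Identity $ad -UserPrincipalName $m.NewUpn
    Move-ADObject -Identity $ad.DistinguishedName -TargetPath $UsersPath
}
Wait-SyncCycle
```

Recording the cloud object ID before the move is what keeps the recycle-bin purge from touching the licensed account that holds the mailbox.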