SipProxyAddress AttributeConflictValues while syncing AD On-Premises to Azure AD

In some cases, where the same user exists in both On-Premises AD and Office 365 Azure AD, synchronization may fail. This post covers fixing a common DirSync/AAD Connect issue with a duplicate cloud account.
This is due to the SOFT MATCH (UPN and ProxyAddresses); you must use HARD MATCH.
The duplicate error means the local AD account and the cloud account did not merge because of an ImmutableID mismatch.


ExtraErrorDetails:

[{"Key":"ObjectId","Value":["677e2ead-14e8-4e18-9b25-49d5c75472f1"]},{"Key":"ObjectIdInConflict","Value":["7505ed65-e7f5-4dca-9f78-2617a247f047"]},
{"Key":"AttributeConflictName","Value":["SipProxyAddress"]},{"Key":"AttributeConflictValues","Value":["UserName@domain.com"]}]



$upn = "user@domain.com"   # UPN of the on-premises account to match
$GUID = (Get-ADUser -Filter {UserPrincipalName -eq $upn}).ObjectGUID   # $null if no AD user has this UPN
$ImmutableID = [System.Convert]::ToBase64String($GUID.ToByteArray())   # Base64 of the objectGUID
Set-MsolUser -UserPrincipalName $upn -ImmutableId $ImmutableID

This fixes the issue. 
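
One way to script the hard match so that a failed AD lookup is reported clearly before any conversion is attempted (added example, not the blog author's code; `Set-HardMatch` and the two helper names are hypothetical, and it assumes the ActiveDirectory and MSOnline modules with an existing `Connect-MsolService` session):

```powershell
function ConvertTo-ImmutableId([guid]$Guid) {
    # ImmutableID is the Base64 form of the 16-byte objectGUID
    [System.Convert]::ToBase64String($Guid.ToByteArray())
}

function ConvertFrom-ImmutableId([string]$ImmutableId) {
    # Reverse direction: shows which AD objectGUID a cloud account is anchored to
    [guid][System.Convert]::FromBase64String($ImmutableId)
}

function Set-HardMatch {
    [CmdletBinding(SupportsShouldProcess)]
    param([Parameter(Mandatory)][string]$UserPrincipalName)

    # Double any apostrophe so a UPN such as o'brien@... cannot break the filter
    $escaped = $UserPrincipalName.Replace("'", "''")
    # @() lets zero, one or several matches be counted the same way
    $adUsers = @(Get-ADUser -Filter "UserPrincipalName -eq '$escaped'")
    if ($adUsers.Count -ne 1) {
        # With zero matches the GUID would be $null, and calling
        # .ToByteArray() on $null fails with a null-valued expression error
        throw "Expected exactly one AD user for '$UserPrincipalName', found $($adUsers.Count)."
    }

    $wanted = ConvertTo-ImmutableId $adUsers[0].ObjectGUID
    $cloud  = Get-MsolUser -UserPrincipalName $UserPrincipalName -ErrorAction Stop

    if ($cloud.ImmutableId -eq $wanted) {
        Write-Verbose "ImmutableID already matches; nothing to change."
        return
    }
    if ($cloud.ImmutableId) {
        # Report the current anchor before overwriting it
        $current = ConvertFrom-ImmutableId $cloud.ImmutableId
        Write-Warning "Cloud account is currently anchored to AD GUID $current"
    }
    if ($PSCmdlet.ShouldProcess($UserPrincipalName, "Set ImmutableID to $wanted")) {
        Set-MsolUser -UserPrincipalName $UserPrincipalName -ImmutableId $wanted
    }
}

# Constructed sample GUID: round-trip check that needs no directory access
$sample = [guid]'11111111-2222-3333-4444-555555555555'
(ConvertFrom-ImmutableId (ConvertTo-ImmutableId $sample)) -eq $sample
```

Running `Set-HardMatch -UserPrincipalName user@domain.com -WhatIf` shows the ImmutableID that would be written without changing the cloud account.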

To verify the ImmutableID afterwards:
Get-MsolUser | ft UserPrincipalName,ImmutableId,LastDirSync*

If you have a source anchor issue, try setting the ImmutableID to $null:
Set-MSOLUser -UserPrincipalName user@domain.com -ImmutableID "$null"

Another issue is a user newly created in Azure AD in the format user{4-digit}@domain.com.
You must delete the online user and remove this object from the recycle bin:
Remove-MsolUser -UserPrincipalName user2345@domain.com -RemoveFromRecycleBin

Note:
https://support.microsoft.com/en-us/help/2647098/duplicate-or-invalid-attributes-prevent-directory-synchronization-in-o
https://support.microsoft.com/en-us/help/2643629/one-or-more-objects-don-t-sync-when-the-azure-active-directory-sync-to
https://support.microsoft.com/de-de/help/2430520/error-in-the-office-365-portal-value-of-msrtcsip-primaryuseraddress-or
https://docs.microsoft.com/en-us/azure/active-directory/hybrid/how-to-connect-syncservice-features

Comments

  1. In your solution, line 3 generates an error on my 2016 server - "You cannot call a method on a null-valued expression."

    1. Hi, this is because of a typo in the first line:
      $upn = user@domain.com
      The equals sign is missing.

    2. Thanks Thomas, but no, I spotted that and fixed it (you also need quotes round the email address). Still got the error...

    3. This is honestly weird. The error tells you that ToBase64String($GUID.tobytearray() is empty/has no value/the transformed expression should be empty. Can you check the result of ToBase… only

  2. I get the same thing reported as Thomas Poett. Maybe this blog post should be fixed or taken down?

    1. Did you check the ToBase only? What’s your result?

