SipProxyAddress AttributeConflictValues while syncing AD On-Premises to Ahzure AD
In some cases, where you have the same user in On-Premises AD and Office 365 Azure AD, synchronization may fail. Fixing a common DirSync/ AAD Connect issue with duplicate cloud account.
This is due to the SOFT MATCH (UPN and ProxyAddesses), you must use HARD MATCH.
The duplicate error, which means the Local AD account and the cloud account did not merger due to Immutable ID mismatch.
ExtraErrorDetails:
[{"Key":"ObjectId","Value":["677e2ead-14e8-4e18-9b25-49d5c75472f1"]},{"Key":"ObjectIdInConflict","Value":["7505ed65-e7f5-4dca-9f78-2617a247f047"]},
{"Key":"AttributeConflictName","Value":["SipProxyAddress"]},{"Key":"AttributeConflictValues","Value":["UserName@domain.com"]}]
$upn user@domain.com
$GUID = (Get-ADUser -Filter {UserPrincipalName -eq $upn}).ObjectGUID
$ImmutableID = [System.Convert]::ToBase64String($GUID.tobytearray())
Set-MSOLuser -UserPrincipalName $upn -ImmutableID $immutableID
This fixes the issue.
Some more verifying the ImmutableID:
Get-MsolUser | ft UserPrincipalName,immutableid,lastdirsync* UserPrincipalName
if you have sourceanchor issue, try setting the ImmutableID to $null
Set-MSOLUser -UserPrincipalName user@domain.com -ImmutableID "$null"
Issue with user newly created in Azure AD in the format of user{4-digit}@domain.com.
You must delete the Online USer and remove this object from recycle bin.
Remove-MsolUser -UserPrincipalName user2345@domain.com -RemoveFromRecycleBin
Note:
https://support.microsoft.com/en-us/help/2647098/duplicate-or-invalid-attributes-prevent-directory-synchronization-in-o
https://support.microsoft.com/en-us/help/2643629/one-or-more-objects-don-t-sync-when-the-azure-active-directory-sync-to
https://support.microsoft.com/de-de/help/2430520/error-in-the-office-365-portal-value-of-msrtcsip-primaryuseraddress-or
https://docs.microsoft.com/en-us/azure/active-directory/hybrid/how-to-connect-syncservice-features
This is due to the SOFT MATCH (UPN and ProxyAddesses), you must use HARD MATCH.
The duplicate error, which means the Local AD account and the cloud account did not merger due to Immutable ID mismatch.
ExtraErrorDetails:
[{"Key":"ObjectId","Value":["677e2ead-14e8-4e18-9b25-49d5c75472f1"]},{"Key":"ObjectIdInConflict","Value":["7505ed65-e7f5-4dca-9f78-2617a247f047"]},
{"Key":"AttributeConflictName","Value":["SipProxyAddress"]},{"Key":"AttributeConflictValues","Value":["UserName@domain.com"]}]
$upn user@domain.com
$GUID = (Get-ADUser -Filter {UserPrincipalName -eq $upn}).ObjectGUID
$ImmutableID = [System.Convert]::ToBase64String($GUID.tobytearray())
Set-MSOLuser -UserPrincipalName $upn -ImmutableID $immutableID
This fixes the issue.
Some more verifying the ImmutableID:
Get-MsolUser | ft UserPrincipalName,immutableid,lastdirsync* UserPrincipalName
if you have sourceanchor issue, try setting the ImmutableID to $null
Set-MSOLUser -UserPrincipalName user@domain.com -ImmutableID "$null"
Issue with user newly created in Azure AD in the format of user{4-digit}@domain.com.
You must delete the Online USer and remove this object from recycle bin.
Remove-MsolUser -UserPrincipalName user2345@domain.com -RemoveFromRecycleBin
Note:
https://support.microsoft.com/en-us/help/2647098/duplicate-or-invalid-attributes-prevent-directory-synchronization-in-o
https://support.microsoft.com/en-us/help/2643629/one-or-more-objects-don-t-sync-when-the-azure-active-directory-sync-to
https://support.microsoft.com/de-de/help/2430520/error-in-the-office-365-portal-value-of-msrtcsip-primaryuseraddress-or
https://docs.microsoft.com/en-us/azure/active-directory/hybrid/how-to-connect-syncservice-features
In your solution, line 3 generates an error on my 2016 server - "You cannot call a method on a null-valued expression."
ReplyDeleteHi, this is because a typo in the first line:
Delete$upn = user@domain.com
the equal is missing
Thanks Thomas, but no, I spotted that and fixed it (you also need quotes round the email address). Still got the error...
DeleteThis is honestly wired. The error tells you, that ToBase64String($GUID.tobytearray() is empty/ has no value/ the transformed expression should be empty. can you check, the result if ToBase… only
DeleteI get the same thing reported as Thomas Poett. Maybe this blog post should be fixed or taken down?
ReplyDeleteDid you check the ToBase only. What’s your result?
Delete