Duplicate Attribute Error Azure AD for a user object that does not exist in Azure AD

Shane Primrose 20 Reputation points
2023-05-03T02:18:53.2033333+00:00

We had a LAB-only DC copy stood up with AD Sync connect running, which synced an account to Azure AD. The DC should not have been connected to the internet, but it was, and it was shut down. Unfortunately, an account was created in Azure AD which now does not exist on the real DC. The account was hard deleted in Azure AD; now getting a duplicate attribute error notification daily from Azure AD. Cannot seem to fix, as the object ID does not exist in Azure AD, so cannot hard fix the object.

Report says Unable to update this object because the null value null associated with this object may already be associated with another object in your local directory services. To resolve this conflict, first determine which object should be using the conflicting value. Then, update or remove the conflicting value from the other object(s).

The Object With Conflicting Attribute details are there, but the Existing Object is all NA.

Azure AD sync itself has no errors, just a daily critical alert email for Azure AD. Any help appreciated.

Microsoft Security | Microsoft Entra | Microsoft Entra ID

Accepted answer
  1. Harpreet Singh Matharoo 8,396 Reputation points Microsoft Employee Moderator
    2023-05-04T05:38:15.92+00:00

    Hello @Shane Primrose

    Thank you for reaching out. Since the original object, which should not have been synced to Azure AD, no longer exists on the DC and is also hard deleted in Azure AD, you can try the following steps to fix the error:

    • Try to run a Full Initial Cycle so that a Full Import and Full Export cycle runs and removes any stale object entries. You can use the following command to initiate a Full Sync:
      • Start-ADSyncSyncCycle -PolicyType Initial
    • Alternatively, you can try the steps below if the full sync does not help:
      • Run a Full Import Cycle on the AD Connector.
      • Run an Export Cycle on the Azure AD Connector.
      • Perform a delta cycle using the command Start-ADSyncSyncCycle -PolicyType Delta
    • This should ideally reimport all the objects from AD and remove the stale error.

    I hope this answer helps to resolve your issue. Please "Accept the answer" if the information helped you. This will help us and others in the community as well.
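
The alternative sequence from the answer above (Full Import on the AD connector, Export on the Azure AD connector, then a delta cycle), written as a script. This is an added example, not part of the original answer or Microsoft's own tooling. The connector names are tenant-specific placeholders passed as parameters, and the run profile names 'Full Import' and 'Export' assume the Azure AD Connect defaults.

```powershell
# Added example: scripted form of the alternative sequence from the answer above.
# Run in an elevated PowerShell session on the Azure AD Connect server.
# Connector names are tenant-specific placeholders; list yours with:
#   Get-ADSyncConnector | Select-Object Name, Type
param(
    [Parameter(Mandatory)] [string] $AdConnectorName,       # on-premises AD connector (placeholder)
    [Parameter(Mandatory)] [string] $AzureAdConnectorName   # Azure AD connector (placeholder)
)

Import-Module ADSync -ErrorAction Stop

function Wait-SyncIdle {
    # Block until neither the scheduler nor any connector is busy.
    while ((Get-ADSyncScheduler).SyncCycleInProgress -or (Get-ADSyncConnectorRunStatus)) {
        Start-Sleep -Seconds 10
    }
}

# Fail early on a mistyped connector name instead of part-way through the sequence.
$known = (Get-ADSyncConnector).Name
foreach ($name in $AdConnectorName, $AzureAdConnectorName) {
    if ($known -notcontains $name) {
        throw "Connector '$name' not found. Known: $($known -join ', ')"
    }
}

Wait-SyncIdle
$wasEnabled = (Get-ADSyncScheduler).SyncCycleEnabled
Set-ADSyncScheduler -SyncCycleEnabled $false   # keep the scheduler from starting a cycle mid-sequence
try {
    # Step 1: Full Import on the AD connector.
    $r = Invoke-ADSyncRunProfile -ConnectorName $AdConnectorName -RunProfileName 'Full Import'
    "Full Import on ${AdConnectorName}: $($r.Result)"
    # Step 2: Export on the Azure AD connector.
    $r = Invoke-ADSyncRunProfile -ConnectorName $AzureAdConnectorName -RunProfileName 'Export'
    "Export on ${AzureAdConnectorName}: $($r.Result)"
}
finally {
    Set-ADSyncScheduler -SyncCycleEnabled $wasEnabled   # always restore the original scheduler state
}

# Step 3: delta cycle, as in the answer.
Wait-SyncIdle
Start-ADSyncSyncCycle -PolicyType Delta
```

Pausing the scheduler for the two manual run profiles avoids a scheduled cycle colliding with them; the original scheduler state is restored even if a step fails.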


1 additional answer

  1. Sandeep G-MSFT 20,911 Reputation points Microsoft Employee Moderator
    2023-05-04T06:12:35.34+00:00

    @Shane Primrose

    In the email you can check the account for which this error comes up. Look for this object in the deleted container in Azure AD. Confirm whether this Azure AD object is required or not. If it is not required, then you can delete the object from the deleted container so that the object gets deleted permanently. After that, you can try to run a sync and the issue will be resolved.

    If you are still facing this issue, we can work on this issue offline.

    Please send us an email at azcommunity [at] microsoft [dot] com with Sub - Attn: Sandeg and the following details in the email body:

    Link to this thread/post

    We can connect offline and discuss further on this.

    1 person found this answer helpful.