Azure AD Sync - Distribution Group - Incorrect Properties

Question

I am working in an AD environment that has an on-prem AD to Microsoft 365 sync.

I am having trouble with a Distribution Group synchronizing properly:

1. On prem, there was a USER called TaxDeptFax. I needed to delete this user on-prem and in Microsoft 365. In Microsoft 365, I also deleted the user from the 'Deleted Users' section.
2. On prem, I created a DISTRIBUTION GROUP (Universal) called TaxDeptFax. The e-mail address is TaxDeptFax@company.com. I also modified the attribute editor to ensure that TaxDeptFax@company.com is reflected in the 'mail' attribute. I also created a 'proxyAddress' for SMTP:TaxDeptFax@company.com.
3. After synchronization, I do see an object that appears in Microsoft 365. But, the name and email are just long strings of seemingly random characters. I know this is the sync'd distribution group because of the group membership.

Why isn't this object coming over properly? My assumption is that this is related to the fact that there was a PREVIOUS object with the same name.

How can I figure out what is going wrong? Thanks

P

Answer 1

@PM I'm glad that you were able to resolve your issue and thank you for posting your solution so that others experiencing the same thing can easily reference this! Since the Microsoft Q&A community has a policy that "The question author cannot accept their own answer. They can only accept answers by others ", I'll repost your solution in case you'd like to "Accept " the answer.

Issue: Azure AD Sync - Distribution Group - Incorrect Properties, After synchronization, I do see an object that appears in Microsoft 365. But, the name and email are just long strings of seemingly random characters. I know this is the sync'd distribution group because of the group membership.

Solution: Resolved by PM and below are the steps

there was a public folder that was synchronizing, and it had that e-mail address. The public folder was not visible in teh Azure or M365 console GUIs.

As I mentioned, the synchronized object had a strange name. I got the Object ID and ran this command:

$errors = (Get-MsolGroup –ObjectID [ENTER ID HERE]).Errors

$errors | foreach-object {"`nService: "+ $.ErrorDetail.Name.split("/")[0]; "Error Message: "+ $.ErrorDetail.ObjectErrors.ErrorRecord.ErrorDescription}

The output helped me to learn that an existing object with that e-mail address and\or UPN already existed. Then I ran:

Get-Recipient | where {$_.EmailAddresses -match "taxdeptfax@company.com"} | fL Name, Recipienttype,emailaddresses

The output showed me a public folder.

Then, I ran disable-MailPublicFolder -Identity "TaxDeptFax".

Then, I re-created the distro group in the on-prem AD, and it sync'd properly.

Answer 2

Hello,

Try utilizing Azure AD Connect troubleshooting wizard:

Troubleshoot object synchronization with Azure AD Connect sync

https://learn.microsoft.com/en-us/azure/active-directory/hybrid/tshoot-connect-objectsync

You may have a UPN mismatch.

---

If this is helpful please accept answer.

Answer 3

I solved this.

Somehow, there was a public folder that was synchronizing, and it had that e-mail address. The public folder was not visible in teh Azure or M365 console GUIs.

As I mentioned, the synchronized object had a strange name. I got the Object ID and ran this command:

$errors = (Get-MsolGroup –ObjectID [ENTER ID HERE]).Errors

$errors | foreach-object {"`nService: "+ $.ErrorDetail.Name.split("/")[0]; "Error Message: "+ $.ErrorDetail.ObjectErrors.ErrorRecord.ErrorDescription}

The output helped me to learn that an existing object with that e-mail address and\or UPN already existed. Then I ran:

Get-Recipient | where {$_.EmailAddresses -match "taxdeptfax@company.com"} | fL Name, Recipienttype,emailaddresses

The output showed me a public folder.

Then, I ran disable-MailPublicFolder -Identity "TaxDeptFax".

Then, I re-created the distro group in the on-prem AD, and it sync'd properly.