User synced with incorrect default email address

Angela McLaughlin | NCTCS 0 Reputation points
2023-04-12T18:34:14.72+00:00

We are using Active Directory On-Premise and using Directory Sync to connect to O365. One user has myriad problems - her primary email/UPN is not syncing correctly and instead, the alias listed in Attributes->Proxy addresses is being automatically set to her primary. I have checked the sync logs and can't find any errors, forced sync, verified the settings on the on-premise server as well as in Azure and am not seeing any issues. In addition, two other users didn't sync correctly, and duplicate users were created with .onmicrosoft.com email addresses. Need help tracking down these issues.

Microsoft Entra ID
Microsoft Entra ID
A Microsoft Entra identity service that provides identity management and access control capabilities. Replaces Azure Active Directory.
19,771 questions
{count} votes

1 answer

Sort by: Most helpful
  1. Carlos Solís Salazar 16,701 Reputation points MVP
    2023-04-14T08:57:55.62+00:00

    Thank you for asking this question on the Microsoft Q&A Platform.

    I understand that you have various users with synchronization errors, this can be for many reasons. I would recommend the following tasks: First, run the IdFix Tool

    Microsoft is working to reduce the time required to remediate identity issues when onboarding to Microsoft 365. A portion of this effort is intended to address the time involved in remediating the Windows Server Active Directory (Windows Server AD) errors reported by the directory synchronization tools such as Azure AD Connect and Azure AD Connect cloud sync. The focus of IdFix is to enable you to accomplish this task in a simple, expedient fashion.

    Second, in those cases where you can´t fix the synchronization users and still, you have duplicates user you would have to do a Hard Mach(InvalidSoftMatch)

    When Azure AD Connect (sync engine) instructs Azure AD to add or update objects, Azure AD matches the incoming object by using the sourceAnchor attribute and matching it to the immutableId attribute of objects in Azure AD. This match is called a hard match.

    To understand the Hard-match vs Soft-match can follow this link The followings links can help you to perform the hard match:


    Accept Answer and Upvote, if any of the above helped, this thread can help others in the community looking for remediation for similar issues.

    NOTE: To answer you as quickly as possible, please mention me in your reply.

    0 comments No comments