AzureDirectoryServiceAttributeValueMustBeUnique ProxyAddress SMTP

Lloyd-8126 0 Reputation points
2023-08-11T14:41:47.8733333+00:00

I keep hitting a wall when trying to sync users from on prem to accounts already created on AAD for Microsoft 365.

When I do a Provision on Demand test for the users I get this error

An attribute value violates a uniqueness constraint. Please study the values of the attributes, comparing them the attributes of already-existing objects in Azure Active Directory and resolve the conflict by modifying the value in the source directory. This attribute, in particular, appears to have an invalid value: ProxyAddresses SMTP:firstname.lasntame@business.com;.

However no other object appears to have it.

Microsoft Entra ID

3 answers

  1. Andy David - MVP 147.6K Reputation points MVP
    2023-08-11T14:48:35.49+00:00

    Did you check that proxy address to see if an object had that for its UPN in Azure?

    Also see:

    https://learn.microsoft.com/en-us/answers/questions/1137548/azure-ad-connect-agent-not-able-to-merge-existing


  2. Lloyd-8126 0 Reputation points
    2023-08-14T15:24:51.56+00:00

    Right, I've managed to get the accounts to sync but needed to change a few things in the on-prem account.

    I removed the mail & proxyAddresses attributes from the AD account, then did a sync, which generated a duplicated account in Azure. I then took the On-premises immutable ID from the duplicate account, using Set-MsolUser -UserPrincipalName first.lastname@business.com -immutableID *******

    Deleted the duplicate Azure account and changed the account user login name back to the .local domain on AD.

    Re-sync, and this matched the accounts fine. Once that was done, the User logon name, mail and proxyAddresses attributes could be put back to what they should be.


  3. Sandeep G-MSFT 18,766 Reputation points Microsoft Employee
    2023-09-26T03:29:21.8633333+00:00

    @Lloyd-8126

    I'm glad that you were able to resolve your issue and thank you for posting your solution so that others experiencing the same thing can easily reference this! Since the Microsoft Q&A community has a policy that "[The question author cannot accept their own answer. They can only accept answers by others](https://docs.microsoft.com/en-us/answers/support/accepted-answers#why-only-one-accepted-answer)", I'll repost your solution in case you'd like to "[Accept](https://docs.microsoft.com/en-us/answers/support/accepted-answers#accepted-answer-in-a-question-thread)" the answer.

    You removed the mail & proxyAddresses attributes from the AD account, then did a sync, which generated a duplicated account in Azure. You then took the On-premises immutable ID from the duplicate account, using Set-MsolUser -UserPrincipalName first.lastname@business.com -immutableID *******

    Deleted the duplicate Azure account and changed the account user login name back to the .local domain on AD.

    Re-sync, and this matched the accounts fine. Once that was done, the User logon name, mail and proxyAddresses attributes could be put back to what they should be.

    Please "Accept the answer" if the information helped you. This will help us and others in the community as well.

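An added example, not part of the thread and not Microsoft's code: a read-only PowerShell check that lists the cloud users, active or soft-deleted, holding the address named in the error, and shows the ImmutableId the on-prem account would hard-match on. It assumes the MSOnline module used in the answers plus the ActiveDirectory module, an existing Connect-MsolService session, objectGUID as the sync source anchor, and a hypothetical sAMAccountName.

```powershell
# Added example, not from the thread. Assumptions: ActiveDirectory and MSOnline
# modules are installed, Connect-MsolService has been run, and the sync source
# anchor is objectGUID (or an ms-DS-ConsistencyGuid initialised from it).

function ConvertTo-ImmutableId {
    param([Parameter(Mandatory)][guid]$ObjectGuid)
    # With objectGUID as source anchor, ImmutableId is Base64 of the GUID's 16 bytes.
    [Convert]::ToBase64String($ObjectGuid.ToByteArray())
}

function Find-AddressConflict {
    param(
        [Parameter(Mandatory)][string]$SamAccountName,  # on-prem account being synced
        [Parameter(Mandatory)][string]$Address          # address from the error, without "SMTP:"
    )
    $adUser   = Get-ADUser -Identity $SamAccountName -Properties objectGUID
    $expected = ConvertTo-ImmutableId -ObjectGuid $adUser.ObjectGUID

    # Soft-deleted users still reserve their addresses, so query both sets.
    $cloud = @(Get-MsolUser -All) + @(Get-MsolUser -All -ReturnDeletedUsers)

    $cloud | Where-Object {
        # Match the address as a UPN or as any primary/secondary proxy address.
        $_.UserPrincipalName -eq $Address -or
        ($_.ProxyAddresses -replace '^smtp:', '') -contains $Address
    } | Select-Object UserPrincipalName, ObjectId, ImmutableId,
        # Base64 is case-sensitive, so compare with -ceq rather than -eq.
        @{ n = 'MatchesOnPrem';       e = { $_.ImmutableId -ceq $expected } },
        @{ n = 'ExpectedImmutableId'; e = { $expected } }
}

# 'first.lastname' is a constructed placeholder for the on-prem sAMAccountName.
Find-AddressConflict -SamAccountName 'first.lastname' -Address 'first.lastname@business.com'
```

A row with MatchesOnPrem set to False is an object that holds the address but is not anchored to this on-prem account. The check covers user objects only.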
