Hi @Denis Debijađi ,
The warning "exported-change-not-reimported" means that the imported object's attributes do not match with the object attribute set when it was last exported. One of the *potential *reasons this happens is the value being deleted or changed in the connected data source after being set through the export of Azure AD Connect.
Are you able to see the value that was exported in the destinated connected data source? Since you mentioned msDS-KeyCredential-Link , it sounds like there could be a permissions issue. Make sure that the following permissions are added:
- Add the AADSync account to the "Enterprise Key Admins" group
- Make sure you have added all of the permissions and prerequisites for updating this value is shown in this article.
https://learn.microsoft.com/en-us/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-settings-dir-sync#configure-permissions-for-key-synchronization
You can also try running a full sync cycle with: Start-ADSyncSyncCycle -PolicyType Initial
Let me know if this helps and if you still face this issue.
If the information helped you, please Accept the answer. This will help us and improve searchability for others in the community who may be researching similar questions.