Duplicate Attribute Error

Question

Duplicate Attribute Error

Chip Parham 0

I recently synced my On-Premise AD with Azure. The sync was fast and although it worked, I have the Duplicate Attribute Error with a lot of my users. Our domain is the same in Azure as it is on the On-premise server. Usernames are also the same.

I thought that these profiles would merge or something, but instead it has created new users in Azure with unique usernames that are not the same as in our server. If I create a user in Active Directory it is also not adding that user in Azure. I have also tried creating the user in Azure to see if it replicates and that is also a bust.

What have I done wrong? Am i going to have to create a user in multiple places SSO to work with other applications? Am I just really confused as to what syncing AD to Azure actually did for me?

Givary-MSFT 35,786 Reputation points Microsoft Employee Moderator

2023-09-28T04:55:57.8966667+00:00

@Chip Parham Just checking in to see if below information was helpful. If you have any further updates on this issue, please feel free to post back.
JamesTran-MSFT 37,246 Reputation points Microsoft Employee Moderator

2023-10-02T22:13:34.4366667+00:00

@Chip Parham

I wanted to check in and see if you had any other questions or if you were able to resolve this issue?

If you have any other questions, please let me know. Thank you for your time and patience throughout this issue.

If the information helped address your question, please Accept the answer. This will help us and also improve searchability for others in the community who might be researching similar information.
Chip Parham 0 Reputation points

2023-10-03T13:45:47.88+00:00

I appreciate the help but no, none of this worked to help fix my issue. In fact I reached out to MS Support and after a few hours we were able to get one to sync properly with Azure and my On-premise server but at a cost, it immediately broke authentication for that user. We unsynced the user and the user is still unable to login. Our Office 365 uses GoDaddy SSO and we believe that is the problem but GoDaddy has been unable to fix the issue and have now opened their own ticket with MS Support. Below is the error I get when trying to sign this user in:

Request Id: baaee9ec-ce5a-49af-9952-5b1b28702500

Correlation Id: c1afb28f-2ee9-8a38-dcd9-ece9441aa249

Timestamp: 2023-10-03T13:43:19Z

Message: AADSTS51004: The user account 8EfWg6GwDEKSRkm5lAzaKA== does not exist in the 91ea66ac-831a-4c13-bcee-9b52f22f5aab directory. To sign into this application, the account must be added to the directory.

The user is enabled in Office 365 with a license, in GoDaddy enable, and although the sync is broken with this user now, also in our on-premise AD server.

1 answer

Your answer

Givary-MSFT 35,786 Reputation points Microsoft Employee Moderator

2023-09-28T04:55:57.8966667+00:00

@Chip Parham Just checking in to see if below information was helpful. If you have any further updates on this issue, please feel free to post back.
JamesTran-MSFT 37,246 Reputation points Microsoft Employee Moderator

2023-10-02T22:13:34.4366667+00:00

@Chip Parham

I wanted to check in and see if you had any other questions or if you were able to resolve this issue?

If you have any other questions, please let me know. Thank you for your time and patience throughout this issue.

If the information helped address your question, please Accept the answer. This will help us and also improve searchability for others in the community who might be researching similar information.
Chip Parham 0 Reputation points

2023-10-03T13:45:47.88+00:00

I appreciate the help but no, none of this worked to help fix my issue. In fact I reached out to MS Support and after a few hours we were able to get one to sync properly with Azure and my On-premise server but at a cost, it immediately broke authentication for that user. We unsynced the user and the user is still unable to login. Our Office 365 uses GoDaddy SSO and we believe that is the problem but GoDaddy has been unable to fix the issue and have now opened their own ticket with MS Support. Below is the error I get when trying to sign this user in:

Request Id: baaee9ec-ce5a-49af-9952-5b1b28702500

Correlation Id: c1afb28f-2ee9-8a38-dcd9-ece9441aa249

Timestamp: 2023-10-03T13:43:19Z

Message: AADSTS51004: The user account 8EfWg6GwDEKSRkm5lAzaKA== does not exist in the 91ea66ac-831a-4c13-bcee-9b52f22f5aab directory. To sign into this application, the account must be added to the directory.

The user is enabled in Office 365 with a license, in GoDaddy enable, and although the sync is broken with this user now, also in our on-premise AD server.

Answer 1

Hello @Chip Parham

Thank you for reaching out. I would like to share following details with you:

When you install Microsoft Entra Connect and you start synchronizing, the Azure AD Sync service (in Microsoft Entra ID) does a check on every new object and tries to find an existing object to match.
There are three attributes used for this process: userPrincipalName, proxyAddresses, and sourceAnchor/immutableID.
A match on userPrincipalName or proxyAddresses is known as a soft match.
A match on sourceAnchor is known as hard match.
For the proxyAddresses attribute only the value with SMTP:, that is the primary email address, is used for the evaluation.
The match is only evaluated for new objects coming from Connect.
If you change an existing object so it is matching any of these attributes, then you see an error instead.

In short, when you have existing tenant, you would need to make sure that following attributes match for user whom you are trying to perform soft match.

userPrincipalName and SMPT proxyAddresses should be same as cloud user.
EnableSoftMatchOnUpn feature should be turned on Azure AD Connect. (More details available on following: https://learn.microsoft.com/en-us/troubleshoot/azure/active-directory/use-upn-matching-identity-sync)
For complete details please review: How to Sync with existing users in Microsoft Entra ID.

I hope this helps and hence would request you to please "Accept the answer" if the information helped you. This will help us and others in the community as well.

Share via

Duplicate Attribute Error

1 answer

Your answer