Azure AD Connect client error

Question

Hi!

I'm having a sync error in Azure AD Connect. This has been working just fine for years. The other day I tried to add a “Directory extension attribute” to the sync schema. I wanted to synch the users AD images so I added the thumbnailPhoto (user) attribute. When syncing I got an error stating “ExceededAllowedLength”. So, I rolled back the setting I made in the sync client but now the client every time it syncs still tries to add the attribute and I can’t get rid of it.

The error message is as follows:

Unable to update this object in Azure Active Directory, because the attribute [extension_646b598f48464f01b857ebdd69851e43_thumbnailPhoto], in the local Directory exceeds the maximum allowed length. If you want to update, reduce the length in the local directory services, and then try again.

Tracking Id: 1fa22a48-21ac-4008-9073-27bf2cdb2f9c
ExtraErrorDetails:
[{"Key":"ObjectId","Value":["f9b6c12d-4743-43b1-8f7a-3b7886930d8e"]},{"Key":"InvalidAttributeName","Value":["extension_646b598f48464f01b857ebdd69851e43_thumbnailPhoto"]},{"Key":"MaxLength","Value":["0"]},{"Key":"MinLength","Value":["0"]}]

I’ve looked everywhere for the attribute trying to get synced and where I find it it’s been disabled. Does anyone have any ideas?

//Daniel

Answer 1

@Daniel Petersson Thanks for reaching out.

If you do not want that Thumbnail photo Attribute to get synced, you can uncheck that from the list of attributes under synchronization service.

Make sure that you do not need this attribute first before unchecking it. I am assuming that you are not syncing any thumbnailphoto for any users,

If yes, then only do this. If you do not get this error message for all users and only for some, you need to make sure to compare the photo size from a working user (should be under 10kb) and manually change that for non working users so that their thumbnail photo is under 10KB max. Once done, these error wont show up.

-----------------------------------------------------------------------------------------------------------------

If the suggested response helped you resolve your issue, please do not forget to accept the response as Answer and "Up-Vote" for the answer that helped you for benefit of the community.

Answer 2

The issue here is that you configured an attribute to flow by creating the new extension, and that queued up a pending exports containing that new attribute flow. If we think of this configuration change you made as a pipe carrying water - your configuration change caused a leak in the pipe that created a bunch of pending actions (spilled liquid). Removing the configuration change stopped the leak, but did not do anything to clean up the pending actions (leaked water) that had already been staged.

In order to resolve this, the pending updates need to be removed from the Azure AD Connector Space in AAD Connect. Your best bet here is to create a support case so that a support engineer can walk through this with you and ensure that you don't make any missteps that could cause unintended changes such as unwanted deletions in Azure AD.