Hi @Marcel Sic, the InvalidHardMatch error occurs when Azure AD Connect is unable to match an on-premises object with an existing object in Azure AD. This can happen when the sourceAnchor attribute, which is used for hard matching, is not unique for the object.

In your case, since you have excluded the mail attribute from synchronization, the sourceAnchor attribute may not be unique for some objects, resulting in the InvalidHardMatch error.

To resolve this issue, you can consider using a different attribute for hard matching. The objectGUID attribute is a good candidate for hard matching, as it is unique for each object in Active Directory. You can configure Azure AD Connect to use the objectGUID attribute for hard matching by following these steps:
- Open the Azure AD Connect configuration wizard.
- On the "Configure synchronization options" page, select "Customize synchronization options" and click "Next".
- On the "Optional features" page, select "Directory extensions" and click "Next".
- On the "Configure directory extensions" page, select "Source Anchor" and click "Next".
- On the "Configure source anchor" page, select "Use an attribute to create the source anchor" and select "objectGUID" from the dropdown list.
- Click "Next" to complete the configuration wizard.
After configuring Azure AD Connect to use the objectGUID attribute for hard matching, you should perform a full synchronization to ensure that all objects are matched correctly.
Please let me know if you have any questions and I can help you further.
If this answer helps you please mark "Accept Answer" so other users can reference it.
Thank you,
James
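A pre-sync check for the failure described in the answer above, added here as an example and not part of the original answer or of Azure AD Connect itself: it computes the sourceAnchor value each on-premises user would present (Base64 of the GUID byte array, which is also the ImmutableId Azure AD stores), reads mS-DS-ConsistencyGuid where it is populated and otherwise falls back to objectGUID, and lists any anchor shared by more than one object. It assumes the ActiveDirectory RSAT module is installed and the account running it can read the domain; the function names are this example's own.

```powershell
# Added example: report on-premises users whose sourceAnchor would collide
# during a hard match. Assumes the ActiveDirectory module (RSAT) is present.
Import-Module ActiveDirectory

function Get-ImmutableId {
    param([Parameter(Mandatory)][byte[]]$GuidBytes)
    # Azure AD stores the sourceAnchor as the Base64 form of the 16 GUID bytes,
    # the same value Get-MsolUser / Get-AzureADUser show as ImmutableId.
    [Convert]::ToBase64String($GuidBytes)
}

function Get-SourceAnchorReport {
    param([string]$SearchBase = (Get-ADDomain).DistinguishedName)

    $users = Get-ADUser -Filter * -SearchBase $SearchBase `
        -Properties objectGUID, 'mS-DS-ConsistencyGuid', mail

    $rows = foreach ($u in $users) {
        # With the default sourceAnchor setting on current installs, Azure AD
        # Connect reads mS-DS-ConsistencyGuid and falls back to objectGUID
        # when that attribute is empty.
        $anchorBytes = if ($u.'mS-DS-ConsistencyGuid') {
            [byte[]]$u.'mS-DS-ConsistencyGuid'
        } else {
            $u.ObjectGUID.ToByteArray()
        }
        [pscustomobject]@{
            SamAccountName = $u.SamAccountName
            Mail           = $u.mail
            SourceAnchor   = Get-ImmutableId -GuidBytes $anchorBytes
        }
    }

    # An anchor shared by more than one object cannot hard match uniquely.
    $dupes = $rows | Group-Object SourceAnchor | Where-Object Count -gt 1
    [pscustomobject]@{ TotalUsers = @($rows).Count; Duplicates = $dupes }
}

$report = Get-SourceAnchorReport
"Users checked: $($report.TotalUsers)"
if ($report.Duplicates) {
    "Objects sharing a sourceAnchor (these would fail hard matching):"
    $report.Duplicates | ForEach-Object {
        $_.Group | Format-Table SamAccountName, Mail, SourceAnchor -AutoSize
    }
} else {
    "No duplicate sourceAnchor values found."
}
```

Run it before the full synchronization the answer recommends; an empty duplicate list means the remaining InvalidHardMatch errors are worth comparing against the ImmutableId values already present in the tenant rather than against on-premises uniqueness.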