Azure AD Connect Sync Errors detected

Dilan Nanayakkara 1,111 Reputation points
2020-12-23T01:56:32.157+00:00

Hi All,

Appreciate the help on the below issue.

50439-4.jpg

We are getting an email with the subject of "Azure AD Connect Sync Errors detected". I have followed the below steps so far,

*Checked the Azure AD connector Sync errors but there are no errors visible at all

50622-1.jpg

*Checked the Azure AD sync service status and it is in a healthy state so far.

50612-2.jpg

*Restarted the Azure AD Connect Sync Service.

*Ran a delta synchronization and it has been succeeded with below 4 errors. However, according to the email received there were 12 errors.

50613-3.jpg

50548-5.jpg

Thanks,
Dilan

Microsoft Security Microsoft Entra Microsoft Entra ID
0 comments No comments
{count} votes

Accepted answer
  1. mirba-msft 651 Reputation points Microsoft Employee Moderator
    2020-12-23T09:40:14.353+00:00

    Hello @Dilan Nanayakkara

    Thank you for reaching out to us.

    And Thank you for providing all the screenshots as I can see from the screenshot there are no error showing either up in Synchronization service manager or the Azure AD Connect Health portal and 4 error are not relevant to the email that you are receiving in this case I would like you to run the IDFIX tool and see if you are able to find any error if Yes then please resolve them and wait for at least a week as you might be receiving the email on weekly basis.

    There are two more places where you can look for the synchronization errors one is the Microsoft 365 Admin center see if you are able to find those 12 errors that you have received through the email and if you see them then resolve them according to the error.

    50746-image.png

    and the other one is by running the PowerShell command below This article talks about Identifying Objects with Dir Sync Provisioning errors using Powershell.

    Get-MsolDirSyncProvisioningError -ErrorCategory PropertyConflict

    This article has the IDFIX tool download link and user guide which you can follow to generate the report on your local AD.

    If you are still getting the email after following all the troubleshooting steps mention above then this will require and ICM where Product Group has to fix this issue from the Backend, so please open a support ticket and the support engineer assigned will be able to create an ICM for you.

    In case you have any questions on the same, you can surely let us know and we will be happy to help you further. If this post provides you the answer you were looking for, do accept it as an answer in the interest of community members with similar queries. If this does not answer, please ask further in the comments and we will happy to address your concerns.

    Thank you.

    1 person found this answer helpful.
    0 comments No comments

2 additional answers

Sort by: Most helpful
  1. Andy David - MVP 157.4K Reputation points MVP Volunteer Moderator
    2020-12-23T13:16:41.747+00:00

    Those are permission errors writing back to on-prem yes?
    That connector is the on-prem one it looks like and the error is on export.

    In that case, the issue is most likely that the AD accounts themselves have security inheritance disabled and the AADConnect AD Sync account cant update them because of that.

    You can remove inheritance and re-run a delta sync to clear that

    See my answer here:

    https://learn.microsoft.com/en-us/answers/questions/114601/azure-ad-sync-connect-issue-with-permission-error.html

    For the other errors, check the AADConnect Sync Manager and the export to your Azure tenant. Sure there arent errors there as well?

    0 comments No comments

  2. Dilan Nanayakkara 1,111 Reputation points
    2020-12-24T01:34:26.57+00:00

    Thank you @mirba-msft and @Andy David - MVP . Will check and let you know guys.

    0 comments No comments

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.