![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(124.80000000000001, 8%, 22%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EPJ%3C/text%3E%3C/svg%3E)
25,130 questions
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(102.4, 55.00000000000001%, 19%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ESM%3C/text%3E%3C/svg%3E)
Hello @Park, Jei,
Thank you for posting your query on Microsoft Q&A.
I understand that when you are trying to sync all users from On-Prem AD to Microsoft Entra ID, you are getting below the error message for some users and groups.
dn-attributes-failure
The error dn-attributes-failure on users and On-Prem AD Security Groups usually occurs when there are users with duplicate attribute values in the on-premises domain and are part of the group being synced to Microsoft Entra ID. For example, you can have the same SMTP/Proxy address configured for 2 users in local AD, but when you sync those users to Microsoft Entra ID, you will encounter a dn-attributes-failure error for all the On-Prem AD Security Group the user is part of.
To resolve this error, you need to correct the duplicate attributes in your On-premises AD for all the users who are part of the affected group. After making the changes in your local AD, please run the below Powershell command to run a full sync cycle.
Start-ADSyncSyncCycle -PolicyType Initial
Also I suggest you to follow these steps to verify the objects causing "dn-attributes-failure" on the group object:
1.Open the Synchronization Service Manager.
2.Open the object with Export Error "dn-attributes-failure" on the Microsoft Entra ID Connector space object.
3.Check the membership attribute open the list of members from the New Value column.
4.Copy the new DN being added into Notepad.
5.Search for that DN in the Microsoft Entra ID Connector Space and check if this object has any errors or conflicts.
6.Resolve the error or conflict for that object accordingly.
7.Repeat the steps 2-6 for other objects if applicable.
8.On the next delta sync cycle, the "dn-attributes-failure" should get resolved.
For additional details, please refer to the below documents for your reference.
I hope this above information provided is helpful. Please feel free to reach out if you have any further questions.
If the answer is helpful, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".