When I see that, it's sometimes because a member of that group is not in scope to be synced to Entra.
Groups are showing Dn-attribute-failure error
Microsoft Entra Connect shows dn-attribute-failure error message while syncing to Azure
2 answers
Andy David - MVP 157.5K Reputation points MVP Volunteer Moderator
2025-03-12T20:14:50.87+00:00
Josh Villagomez 160 Reputation points Microsoft Employee
2025-03-18T18:29:17.37+00:00
Which Entra Connect version are you using? How long has the error occurred? These errors are a little tricky. Normally, it means there's a member with an invalid distinguished name (DN). For example, an invalid character as part of the DN can trigger this exception.
What you can try doing is performing a preview of the security group, and search for the members that are getting added or modified. You may find the culprit. If it's an invalid attribute, you will of course need to fix it in AD and allow delta to pick it up again.
If it happened within the last seven days, you can review your run profile history for changes on the inbound AD flow. The error is clear - you have a scoped member with an invalid DN.
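
The two causes named in the answers (a member outside the sync scope, or a member DN containing an unexpected character) can be screened for across a group's member list before previewing the group. This is an added PowerShell example, not code from either answerer or from Microsoft; the DNs, the `$syncedContainers` list and the `Test-MemberDn` function are constructed for illustration, and the character test is a heuristic because the thread does not say which characters trigger the error.

```powershell
# Constructed sample member DNs. In a real forest, read them with:
#   (Get-ADGroup -Identity '<group>' -Properties member).member
$memberDns = @(
    'CN=Alice Example,OU=Staff,DC=contoso,DC=example',
    'CN=Bob Example,OU=Disabled,DC=contoso,DC=example',
    "CN=Carol`tExample,OU=Staff,DC=contoso,DC=example",   # embedded tab
    'CN=Svc\, Backup,OU=Service Accounts,DC=contoso,DC=example'
)

# Assumption: the containers selected for sync (hypothetical values).
# Child OUs are treated as in scope; adjust if some are deselected.
$syncedContainers = @('OU=Staff,DC=contoso,DC=example')

function Test-MemberDn {
    param(
        [Parameter(Mandatory)][string]$Dn,
        [Parameter(Mandatory)][string[]]$SyncedContainers
    )
    $findings = @()

    # In scope means the DN ends with ",<container>" (case-insensitive).
    $inScope = $false
    foreach ($c in $SyncedContainers) {
        if ($Dn.EndsWith(",$c", [System.StringComparison]::OrdinalIgnoreCase)) {
            $inScope = $true
            break
        }
    }
    if (-not $inScope) { $findings += 'OutOfSyncScope' }

    # Heuristic only: control characters and stray whitespace are worth
    # reviewing; the exact set that causes the error is not on the page.
    if ($Dn -match '[\x00-\x1F\x7F]') { $findings += 'ControlCharacter' }
    if ($Dn -ne $Dn.Trim())           { $findings += 'LeadingOrTrailingWhitespace' }

    [pscustomobject]@{
        DistinguishedName = $Dn
        Findings          = ($findings -join ',')
    }
}

# List only the members that have at least one finding.
$memberDns |
    ForEach-Object { Test-MemberDn -Dn $_ -SyncedContainers $syncedContainers } |
    Where-Object Findings |
    Format-Table -AutoSize
```

Members reported here are candidates to compare against the group preview and the inbound AD run history; a DN with no findings can still be the one the sync engine rejects.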