Azure AD connect group soft match error

Ruslan Nalivaika 106 Reputation points
2021-01-15T16:22:43.74+00:00

Hi all, we have migrated to a new onprem AD forest recently, but kept the same O365 tenant.

Soft matching of user accounts between new AD and O365 went just fine.

But we are facing some issues when matching cloud distribution lists and email enabled security groups with onprem objects.

Instead of matching the groups, O365 just creates a new group with company.onmicrosoft.com smtp address. Any ideas?

Azure AD Connect Health shows an error saying that there are duplicate attributes - SMTP proxyaddress.. but SMTP has to be the same on onprem and Cloud object in order for soft matching to work...

I have done this kind of group soft matching a few times before and it worked fine, but not in this case...

R-

  1. Abhijeet-MSFT 541 Reputation points Microsoft Employee
    2021-01-18T17:06:37.387+00:00

    Hi @Ruslan Nalivaika, this can happen if the group objects were updated with a matching SMTP address after AD Connect had already evaluated them / a sync was already run. https://learn.microsoft.com/en-us/azure/active-directory/hybrid/how-to-connect-install-existing-tenant#sync-with-existing-users-in-azure-ad

    Another possible cause could be if default sync rules have been modified. Customer can also try to use the preview feature and look at the complete flow without creating a new object. https://learn.microsoft.com/en-us/azure/active-directory/hybrid/tshoot-connect-object-not-syncing
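
An offline check for the symptom discussed in this thread, added here as an example and not posted by either participant: it lists on-prem groups whose SMTP proxy address is still held by a cloud-only group, and flags whether a synced copy with only an onmicrosoft.com primary address exists. The record fields (`name`, `displayName`, `dirSynced`, `proxyAddresses`), the `example.com` domain and all sample data are assumptions standing in for your own exports.

```python
# Added example, not from the thread. Field names and data are constructed.

def smtp_addresses(proxy_addresses):
    """Return (primary, all) SMTP addresses, lower-cased.
    'SMTP:' (upper case) marks the primary address, 'smtp:' a secondary one."""
    primary, every = None, set()
    for entry in proxy_addresses:
        prefix, _, addr = entry.partition(":")
        if prefix.lower() != "smtp" or not addr.strip():
            continue  # skip X500, SIP and malformed entries
        addr = addr.strip().lower()
        every.add(addr)
        if prefix == "SMTP":
            primary = addr
    return primary, every

def unmatched_groups(onprem_groups, cloud_groups):
    """On-prem groups whose SMTP address sits on a cloud-only (not synced) group."""
    holders = {}  # SMTP address -> cloud-only groups holding it
    for c in cloud_groups:
        if not c["dirSynced"]:
            for a in smtp_addresses(c["proxyAddresses"])[1]:
                holders.setdefault(a, []).append(c["displayName"])
    findings = []
    for g in onprem_groups:
        clash = sorted(a for a in smtp_addresses(g["proxyAddresses"])[1] if a in holders)
        # Synced copy whose primary is on onmicrosoft.com: the symptom in the question.
        fallback = any(
            c["dirSynced"] and c["displayName"] == g["name"]
            and (smtp_addresses(c["proxyAddresses"])[0] or "").endswith(".onmicrosoft.com")
            for c in cloud_groups)
        if clash:
            findings.append({"group": g["name"], "addresses": clash, "fallback_copy": fallback})
    return findings

# Constructed sample exports.
ONPREM = [
    {"name": "Sales-DL", "proxyAddresses": ["SMTP:sales@example.com", "x500:/o=Org/cn=sales"]},
    {"name": "Ops-SG", "proxyAddresses": ["SMTP:ops@example.com"]},
]
CLOUD = [
    {"displayName": "Sales-DL", "dirSynced": False, "proxyAddresses": ["SMTP:Sales@example.com"]},
    {"displayName": "Sales-DL", "dirSynced": True, "proxyAddresses": ["SMTP:Sales-DL@company.onmicrosoft.com"]},
    {"displayName": "Ops-SG", "dirSynced": True, "proxyAddresses": ["SMTP:ops@example.com"]},
]

if __name__ == "__main__":
    for finding in unmatched_groups(ONPREM, CLOUD):
        print(finding)
```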