@Abhijeet-MSFT thank you for trying to help. I got this finally resolved by using hard-match instead.
Azure AD connect group soft match error
Hi all, we have migrated to a new onprem AD forest recently, but kept the same O365 tenant.
Soft matching of user accounts between new AD and O365 went just fine.
But we are facing some issues when matching cloud distribution lists and email enabled security groups with onprem objects.
Instead of matching the groups, O365 just creates a new group with a company.onmicrosoft.com SMTP address. Any ideas?
Azure AD Connect Health shows an error saying that there are duplicate attributes - SMTP proxyaddress.. but SMTP has to be the same on onprem and Cloud object in order for soft matching to work...
I have done this kind of group soft matching a few times before and it worked fine, but not in this case...
R-
1 additional answer
Abhijeet-MSFT 546 Reputation points Microsoft Employee
2021-01-18T17:06:37.387+00:00
Hi @Ruslan Nalivaika, this can happen if the group objects were updated with matching SMTP address after AD Connect had already evaluated them / a sync was already run. https://learn.microsoft.com/en-us/azure/active-directory/hybrid/how-to-connect-install-existing-tenant#sync-with-existing-users-in-azure-ad
Another possible cause could be if default sync rules have been modified. Customer can also try to use the preview feature and look at the complete flow without creating a new object. https://learn.microsoft.com/en-us/azure/active-directory/hybrid/tshoot-connect-object-not-syncing