duplicate account in Azure AD but not in Windows AD

Question

Before a hybrid setup was done we had a user already created in Azure AD/Office 365. We had all users created first in Office365 as email accounts which naturally created them as users in Azure AD. We then started creating a Windows AD Domain and we wanted to start syncing the users. We created, in the Windows AD, all users exactly how they were in Azure AD and all of them synced fine, except for one. For some reason Azure AD created a new user that had numbers appended to the end of the username and said that it was synced with Windows AD. The actual Windows AD user is still in Azure but it says it is not synced to Windows and since the wrong user is synced to Windows I can't delete it. Any ideas on this?

Answer 1

Hi @Anonymous ,

This issue occurs if there are duplicate UPNs. To resolve this issue, find the users who have duplicate UPNs, and then change the UPNs so that they are unique. You can follow the steps outlined in the troubleshooting guide for this exact issue:

Step 1: Check your local directory
Use the IdFix DirSync Error Remediation Tool to identify duplicate or invalid attributes.

To resolve duplicate attributes by using the IdFix Tool, see "Duplicate" is displayed in the ERROR column.

For more information about the IdFix tool, go to IdFix DirSync Error Remediation Tool.

Step 2: Check Azure AD
You can use the Office 365 portal or the Azure Active Directory Module for Windows PowerShell to check Azure AD for duplicate attributes.

If you know that you have a duplicate account you can also just delete the duplicate and keep the real account. You can refer to the conversation on this page to avoid such issues in the future.