AD user synced with wrong domain

Question

Hi Support,

In our Office 365 portal have 2 subdomain.

constoso.onmicrosoft.com

Contoso-A.com

Contoso-B.com

Initial office 365 user are manually created in Office 365 portal and after this,  we configure ADD Connect  with Email-attributes filtering to sync AD user with Office 365 user.

We found out tht there are two users from different domain have same email address insert into AD object Email attribute. When we perform synced that time, we accidentally synced with wrong Office 365 user.

*** Email address is removed for privacy *** (AD object Email attribute for user1 - *** Email address is removed for privacy ***)

*** Email address is removed for privacy *** (AD Object Email attribute for user2 - *** Email address is removed for privacy ***)

It means a contoso-A AD user, is synced to a contoso-B office 365 user which is wrong, supposedly should be contoso-B AD user synced with contoso-B office 365 user. May i know how to fix this issue so contoso-B AD user synced with contoso-B office 365 user? 

Since it using OU + Email filtering, i can not just remove email attribute to make *** Email address is removed for privacy *** become *** Email address is removed for privacy *** and perform sync to sync contoso-B AD user with *** Email address is removed for privacy *** ( once remove email attribute and sync, it will delete office 365 mailbox to deleted item.)

What is the proper step to resolve this issue?

Regards,

Answer 1

Khleong9122,

Based on my test, there is a workaround may work for you.

First, we should deactivate the DirSync server in portal.

And then we can use hard match to match the local user and Office 365 user. You can match the userA to Office 365 with userA and userB to Office 365 with userB.

Please refer to the following link for detailed steps:

http://blogs.technet.com/b/praveenkumar/archive/2014/04/12/how-to-do-hard-match-in-dirsync.aspx

Thanks,

Jason Jiang

Answer 2

Hi Jason,

Please find below for my reply.

Jason: Have you tried manually change the local *** Email address is removed for privacy ***'s email address and then re-sync to see the result?

May i know how to do in order to let *** Email address is removed for privacy *** to sync with *** Email address is removed for privacy *** (Office 365 mailbox) since *** Email address is removed for privacy *** (Office 365 mailbox)  already synced with *** Email address is removed for privacy *** (AD Object)?

It is follow your advice to manually change the local *** Email address is removed for privacy ***'s email address and then perform re-sync? I'm afraid it will delete the mailbox or show duplicate user detect when try to sync.

Currently, *** Email address is removed for privacy *** (Office 365 mailbox) is using by user so i can not just try to change at test it out.

Jason: If it not works, we can only manually re-create the account.

Can you please explain more on this, what you mean manually re-create the account? Re-create AD account or office 365 user account?

Delete AD object *** Email address is removed for privacy *** from AD and perform sync to delete Office 365 mailbox, perform sync again to create *** Email address is removed for privacy *** in office 365?

Regards,

Answer 3

Hi khleong9122,

I understand you have already synced with the wrong user.

I’m afraid it is not feasible to roll back it.

Have you tried manually change the local *** Email address is removed for privacy ***'s email address and then re-sync to see the result?

If it not works, we can only manually re-create the accounts.

Thanks for your understanding.

Jason Jiang

Answer 4

Hi Jason Jiang,

Yes, you are right, these two accounts have the same email address in local AD due to we not notice these 2 user have the same email address.

We user SMTP matching to sync but we accidentally match the wrong user to account created in Office 365.

Which is we after perform SMTP matching to match *** Email address is removed for privacy *** (AD Object) to *** Email address is removed for privacy *** (Office 365) and now is synced with Active Directory. We found out is we match the wrong AD object due to both user are use the same email address in their Email-attribute.

Example:

The SMTP matching should be like below but we have duplicate email in both AD object caused it match to wrong user.

AD Object                                                                                                                                                       

*** Email address is removed for privacy *** (AD object Email attribute for user1 - *** Email address is removed for privacy ***) - >      *** Email address is removed for privacy *** (Office 365 mailbox)

*** Email address is removed for privacy *** (AD Object Email attribute for user2 - *** Email address is removed for privacy ***) ->      *** Email address is removed for privacy *** (Office 365 mailbox)

Supposedly correct should be like this.

*** Email address is removed for privacy *** (AD object Email attribute for user1 - *** Email address is removed for privacy ***) - >      *** Email address is removed for privacy *** (Office 365 mailbox)

*** Email address is removed for privacy *** (AD Object Email attribute for user2 - *** Email address is removed for privacy ***) ->      *** Email address is removed for privacy *** (Office 365 mailbox)

Since we already synced with wrong user, may i know how to resolve this issue?

Regards,

Answer 5

Hi khleong9122,

It is a little confused me.

Since the accounts are created in Office 365, we should use SMTP matchingto match on-premises user accounts to Office 365 user accounts for directory synchronization.

Do you mean these two accounts have the same email address in local AD?

If so, I’m afraid it is not feasible to sync two different accounts to Office 365 in this scenario.

Can you change one of the email address to user2@ contoso-A.com as a workaround?

If I have misunderstood anything, please give us the detailed example for further troubleshooting.

Thanks,

Jason Jiang