Sync users error

Anonymous
2016-06-08T04:17:55+00:00

Hello,

We have a problem with our synchronization of users with Azure Connect.

Scenario:

2 years ago we had set up a test environment with Office 365, synced the users and had set up the Exchange Hybrid. We quit the AD sync by turning off the server, and on Office 365 we stopped the Exchange Hybrid because of problems with mail flow. Now we use SharePoint and OneDrive, so the users can't be deleted.

**Problem:** Overwriting the users is not possible because they are corrupted with the mail account. We try to rename the users so we can sync the users again to get new users. When we rename the UPN, proxyaddress and ImmutableID, we get an error:

Unable to update this object because the following attributes associated with this object have values that may already be associated with another object in your local directory services: [OnPremiseSecurityIdentifier System.Byte[];].  Correct or remove the duplicate values in your local directory.

If I look with PowerShell in AzureAD, no user has the ImmutableID which is in the error message.

Question:

Why do I get the error message and how can I resolve it?

I hope there is a way, else we have to delete all users, which are production users in SharePoint.

Thanks in advance and greetings,

Jasper

This question was migrated from the Microsoft Support Community.

6 answers

  1. Anonymous
    2016-06-11T02:06:00+00:00

    Hi Jasper,

    Thanks for your reply.

    The ImmutableID is null in your screenshots for that user. It means the connection of two accounts is disconnected. It is a little bit weird. Given the situation, please run the following PowerShell command in cloud:

    get-recipient * | where {$_.EmailAddresses -match "*** Email address is removed for privacy ***"} | fl Name, RecipientType, EmailAddresses

    Note: When you run the command, please try the primary email address and aliases.

    After that, you can upload the result in the private message.

    Best Regards,

    Erick

  2. Anonymous
    2016-06-10T05:03:50+00:00

    Erick,

    Thank you for replying again. My problem is that I can't match the users because the cloud user is corrupt. I'm searching for a way to NOT link the users to the cloud users so I get new users instead of corrupted users in the cloud.

    I can't delete them because they are SharePoint and OneDrive production users.

    I hope you know a way to sync new users, it seemed so easy but now I know better.

    Thank you again and I hope to hear from you again.

    Greetings,

    Jasper

  3. Anonymous
    2016-06-10T02:15:27+00:00

    Hi Jasper,

    I have got the information in the private message. Microsoft always protects user’s private information. Please don’t worry, only you and I can check the workspace.

    Based on your information and screenshots, since you turned off the AD server and now you synced users again, I think the issue is related to renaming the UPN and the GUID doesn’t match. Given the situation, I suggest you do the Hard Match.

    After you run the Hard Match for the related user, please manually run the force sync again.

    If you have any issues when doing that, please feel free to let me know.

    Best Regards,

    Erick
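
Added example, not part of the thread and not Microsoft's code: assuming the default objectGUID source anchor, the ImmutableID that a hard match compares is the Base64 form of the on-premises objectGUID bytes, so it has to be converted before it can be compared with anything in the local directory. The users and GUIDs below are constructed sample data and no directory is contacted.

```powershell
# Assumption: sourceAnchor is objectGUID, so ImmutableID = Base64(16 raw GUID bytes).
function ConvertTo-ImmutableId {
    param([Parameter(Mandatory)][guid]$ObjectGuid)
    [System.Convert]::ToBase64String($ObjectGuid.ToByteArray())
}

function ConvertFrom-ImmutableId {
    param([Parameter(Mandatory)][string]$ImmutableId)
    # Casting a 16-byte array to [guid] rebuilds the original objectGUID.
    [guid]([System.Convert]::FromBase64String($ImmutableId))
}

# Constructed on-premises users (hypothetical names and GUIDs).
$onPrem = @(
    [pscustomobject]@{ Upn = 'alice@example.test'; ObjectGuid = [guid]'11111111-2222-3333-4444-555555555555' }
    [pscustomobject]@{ Upn = 'bob@example.test';   ObjectGuid = [guid]'aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee' }
    [pscustomobject]@{ Upn = 'carol@example.test'; ObjectGuid = [guid]'01234567-89ab-cdef-0123-456789abcdef' }
)

# Constructed cloud users: one anchored, one with an empty anchor, one stale.
$staleGuid = [guid]'99999999-0000-0000-0000-000000000000'
$cloud = @(
    [pscustomobject]@{ Upn = 'alice@example.test'; ImmutableId = (ConvertTo-ImmutableId $onPrem[0].ObjectGuid) }
    [pscustomobject]@{ Upn = 'bob@example.test';   ImmutableId = $null }
    [pscustomobject]@{ Upn = 'carol@example.test'; ImmutableId = (ConvertTo-ImmutableId $staleGuid) }
)

foreach ($u in $onPrem) {
    $expected = ConvertTo-ImmutableId $u.ObjectGuid
    $c = $cloud | Where-Object { $_.Upn -eq $u.Upn }
    # Base64 is case-sensitive, so compare with -ceq rather than -eq.
    $state = if (-not $c) { 'no cloud object with this UPN' }
             elseif (-not $c.ImmutableId) { 'ImmutableID empty: a hard match would set it' }
             elseif ($c.ImmutableId -ceq $expected) { 'already anchored to this objectGUID' }
             else { 'anchored to a different objectGUID: ' + (ConvertFrom-ImmutableId $c.ImmutableId) }
    [pscustomobject]@{ Upn = $u.Upn; ExpectedImmutableId = $expected; State = $state }
}
```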

  4. Anonymous
    2016-06-09T04:04:34+00:00

    Erick,

    Thank you for the reply.

    I found the link myself too, and the solution is not working for me. They only talk about linking with UPN and proxyaddress and not linking with ImmutableID, like you can't match with ImmutableID. It feels like a new technology since I can't find information about the error message.

    I made and uploaded the screenshots for you with some more information (I hope I can trust you). The users are mailusers so they are connected to a contact in the Exchange online admin console, so get-mailbox is not the correct command, get-mailuser is. I made a get-mailuser screenshot from the specific user too.

    I hope you can see something that I didn't see or know.

    Thank you and success with reading, and I hope you can solve my problem.

    Greetings,

    Jasper

  5. Anonymous
    2016-06-09T02:28:51+00:00

    Hi Jasper,

    Based on the error message, the issue may be related to the duplicate or invalid alias values, and if these user objects are not synced from the AD DS schema to Office 365 correctly during directory synchronization.

    Please try the following methods in the link to see whether you can find any information:

    Duplicate or invalid attributes prevent directory synchronization in Office 365

    If the issue persists after you try the steps above, can you upload some screenshots of the issue? I’d like to collect the following screenshots:

    1. The problematic ImmutableID.

    2. Get-MsolUser -All | Select UserPrincipalName, SignInName | FT

    3. Get-Mailbox | fl "UserPrincipalName", "UserPrincipalName", "WindowsEmailAddress"

    To protect your privacy, I have sent you a private message to collect them. Please click on the link below to access your Private Message:

    https://community.office365.com/user/conversations

    Best Regards,

    Erick
