Sync errors detected on your Azure AD Connect service

Biztechline Consulting 1 Reputation point
2022-02-14T14:49:31.297+00:00

Hi Guys,
I run an infrastructure with a single DC and had all user accounts synced with Office 365 (Azure AD Connect). Previously all was working fine till the DC died and couldn't restore from the backup. So, I created a new DC and resynced all accounts again with MS Office 365 (Azure AD Connect). So far, the accounts were synced, but we previously had synced with the old DC and now we are getting: Sync errors detected on your Azure AD Connect service.

All accounts have synced but with extensions at the end, for example, john.smith1345@mydomain.com
The idea is to keep all defaults first.lastname@mydomain.com
Any idea how to achieve that? Remember we had previously synced and that DC no longer exists! We have a new DC and synced all the accounts again.

Microsoft Entra ID
A Microsoft Entra identity service that provides identity management and access control capabilities. Replaces Azure Active Directory.

1 answer

  1. Marilee Turscak-MSFT 33,706 Reputation points Microsoft Employee
    2022-02-14T20:57:26.53+00:00

    Hi @Biztechline Consulting ,

    Summary:
    I understand that you were unable to restore your old domain controller, but created all of your accounts in a new domain controller and synchronized them to your tenant.

    Symptoms:
    After synchronizing the accounts, the UPNs all have numbers added to firstname.lastname such as john.smith1234@yourdomain.com.

    Cause:
    This issue occurs because the users exist in both your on-premises directory and in Azure and you have duplicate UPNs.

    Solution

    1.) Delete the duplicated accounts from Microsoft 365 and make sure that they are removed from the "deleted users" section of the portal:

        Remove-MsolUser -UserPrincipalName <duplicateaccounts@keyman.com> -RemoveFromRecycleBin

    2.) Hard match or soft match the users so that Azure AD Connect knows that they refer to the same user.

    There is a very good explanation of hard matching and soft matching here: https://dirteam.com/sander/2020/03/27/explained-user-hard-matching-and-soft-matching-in-azure-ad-connect/

    The hard match is attempted before the soft match is attempted. If there’s no match, a new user object is created in Azure AD to correspond to the user object in the on-premises Active Directory environment.

    Additional resources:
    Number added to user names and email addresses when users are synced to Azure AD
    Azure AD Connect: When you have an existing tenant
    Azure AD Connect - Dealing with incorrectly created users post-sync
    Restore deleted Microsoft 365 Hybrid User

    Let me know if this helps and don't hesitate to ask if you have further questions.


    If this answer was helpful to you, please remember to "mark as answer" so that others in the community with similar questions can more easily find a solution.
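
The hard-match/soft-match order described in the answer above, as an added example that is not part of the original thread or Microsoft's code: it classifies each on-premises user against the cloud directory before a sync so anchor conflicts are visible up front. It assumes the source anchor is derived from objectGUID and checks soft matches on UPN only; the function names, users and GUIDs are hypothetical, constructed sample data.

```powershell
# Added example. All users and GUIDs below are constructed sample data.
# In practice: on-prem rows from Get-ADUser (ObjectGUID, UserPrincipalName),
# cloud rows from Get-MsolUser (UserPrincipalName, ImmutableId).

function ConvertTo-ImmutableId {
    param([Parameter(Mandatory)][guid]$ObjectGuid)
    # Assumption: the source anchor is objectGUID, stored in the cloud as
    # the Base64 encoding of the GUID's 16-byte array.
    [Convert]::ToBase64String($ObjectGuid.ToByteArray())
}

function Get-MatchPlan {
    param([object[]]$OnPremUsers, [object[]]$CloudUsers)
    foreach ($u in $OnPremUsers) {
        $anchor   = ConvertTo-ImmutableId $u.ObjectGUID
        $byAnchor = $CloudUsers | Where-Object { $_.ImmutableId -eq $anchor }
        $byUpn    = $CloudUsers | Where-Object { $_.UserPrincipalName -eq $u.UserPrincipalName }
        $result = if ($byAnchor) {
            'HardMatch'              # anchors agree: same user
        } elseif ($byUpn -and -not $byUpn.ImmutableId) {
            'SoftMatchCandidate'     # cloud-only object with the same UPN
        } elseif ($byUpn) {
            'AnchorConflict'         # same UPN, anchor from another AD object
        } else {
            'NewCloudUser'           # nothing to match against
        }
        [pscustomobject]@{
            UserPrincipalName   = $u.UserPrincipalName
            ExpectedImmutableId = $anchor
            Result              = $result
        }
    }
}

$onPrem = @(
    [pscustomobject]@{ UserPrincipalName = 'john.smith@mydomain.com'; ObjectGUID = [guid]'11111111-2222-3333-4444-555555555555' }
    [pscustomobject]@{ UserPrincipalName = 'jane.doe@mydomain.com';   ObjectGUID = [guid]'aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee' }
    [pscustomobject]@{ UserPrincipalName = 'new.hire@mydomain.com';   ObjectGUID = [guid]'99999999-8888-7777-6666-555555555555' }
)
$cloud = @(
    # Anchor left over from an AD object that no longer exists (constructed)
    [pscustomobject]@{ UserPrincipalName = 'john.smith@mydomain.com'; ImmutableId = (ConvertTo-ImmutableId '00000000-0000-0000-0000-000000000001') }
    # Cloud-only account, never synced
    [pscustomobject]@{ UserPrincipalName = 'jane.doe@mydomain.com';   ImmutableId = $null }
)
Get-MatchPlan -OnPremUsers $onPrem -CloudUsers $cloud | Format-Table -AutoSize
```

Rows reported as `AnchorConflict` correspond to the situation in the question: the UPN is already held by a cloud object anchored to a different directory object, so neither match succeeds.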
