I have a client who had Azure AD Connect installed, with all AD objects synced to O365. The Miisclient application reported the following error for the "AAD" connector: Error in evaluation of expression: [givenName]&" "&[sn]. Sync Rule: Out to AAD - User Identity. Destination: displayName.
I noticed in the Office 365 portal that the user for which the synchronization error was occurring had a "," (i.e. a comma) in the display name. I cross-checked the local Active Directory object for the user in the AD attribute editor. I did not find any discrepancies in the display name and the local object was correct, but somehow there was a "," (comma) before the display name in the O365 portal under active users for the same user.
After looking at the Azure AD logs, I also noticed the following error: CS to MV to CS synchronization failed 0x80231362 and Operator & cannot be applied to types string.
This error pointed me in the right direction and I quickly opened the synchronization rules editor program for Azure AD Connect. There are 2 rules "Inbound" and "Outbound" in the synchronization rules editor program. I selected the "Outbound" rule and edited the sync rule "Out to AAD - User Identity".
Here's what I found under the "Transformations" section of "Edit outbound synchronization rule": for the target attribute "displayName", the source was set to "[givenName]&" "&[sn]", which is the expression named in the error for the user in the Azure AD Connect Miisclient application.
I then opened my test lab, in which I have Azure AD Connect installed, and checked the "Transformations" section under "Edit outbound synchronization rule". There, for the target attribute "displayName", the "Source" was "displayName", which is the default value, and the "Flow Type" was set to "Direct".
I knew then that the customer had made some changes in Azure AD Connect.
I then probed the customer for more information, and he informed me that, as per a management decision, they had to put a "," against the display name of the user object in AD. The customer also informed me that after adding the "," (comma) to the object's display name, he ran a delta sync on the Azure AD Connect server; hence, in the O365 portal the user now has a "," (i.e. a comma) before the display name.
I was stumped. I knew that education was required here. I educated the MSP that the Azure AD Connect server will not take any expressions on objects which are syncing with O365, i.e. comma, space, and values. This is a design pattern and things are kept simple by Microsoft.
1. I opened the synchronization rules editor program for Azure AD Connect.
2. I selected the "Outbound" rule and edited the sync rule "Out to AAD - User Identity".
3. The editor does not let you edit the rule directly; instead it prompts you to disable the rule "Out to AAD - User Identity" and creates a clone of it that can be edited.
4. I created the clone, "Out to AAD - User Identity Clone | 28-01-2019".
5. Under "Transformations" section under "Edit outbound synchronization rule" for "Out to AAD - User Identity", I set the default values for "Flow Type" to "Direct" instead of "Expression". "Target Attribute" was already set to "displayName". I set "Source" to "displayName" from "[givenName]&" "&[sn]".
6. For clarity, these are the details that were updated in the synchronization rules editor program for Azure AD Connect:
a) Flow Type - Changed to "Direct" which was earlier set to "Expression".
b) Target Attribute - was already set to "displayName" which is correct.
c) Source - Changed to "displayName" which was earlier set to "[givenName]&" "&[sn]".
7. After the above changes, I forced a delta synchronization; the sync succeeded and no errors were reported.
8. I then logged in to the Office 365 portal and verified that the "," (i.e. the comma) was no longer on the affected user object and that the portal was showing the correct display name for the user.
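The same check can be scripted. The following is an added example, not part of the original article: a PowerShell audit, run on the Azure AD Connect server, that lists the displayName flow of "Out to AAD - User Identity" and any clones of it, and flags enabled rules that differ from the Direct/displayName default seen in the test lab. It assumes the ADSync module that ships with Azure AD Connect and the property names exposed by its `Get-ADSyncRule` output (`AttributeFlowMappings`, `Destination`, `FlowType`, `Source`, `Expression`).

```powershell
# Added example: run in an elevated PowerShell session on the Azure AD Connect server.
Import-Module ADSync

$target   = 'displayName'                    # attribute troubleshot in this article
$ruleName = 'Out to AAD - User Identity*'    # matches the stock rule and its clones

# Collect every displayName flow defined in the matching outbound rules.
$findings = foreach ($rule in Get-ADSyncRule |
        Where-Object { $_.Direction -eq 'Outbound' -and $_.Name -like $ruleName }) {
    foreach ($flow in $rule.AttributeFlowMappings |
            Where-Object { $_.Destination -eq $target }) {
        $source = $flow.Source -join ','
        [pscustomobject]@{
            Rule       = $rule.Name
            Disabled   = $rule.Disabled
            FlowType   = "$($flow.FlowType)"
            Source     = $source
            Expression = $flow.Expression
            # Baseline taken from the article's test lab: Direct flow from displayName.
            IsDefault  = ("$($flow.FlowType)" -eq 'Direct' -and $source -eq $target)
        }
    }
}

$findings | Sort-Object Rule | Format-Table Rule, Disabled, FlowType, Source -AutoSize

# An enabled rule with an Expression (or any non-default) flow is configuration drift.
$drift = $findings | Where-Object { -not $_.IsDefault -and -not $_.Disabled }
if ($drift) {
    Write-Warning "Enabled outbound rules with a non-default $target flow:"
    $drift | Format-List Rule, FlowType, Source, Expression
} else {
    Write-Output "All enabled '$ruleName' rules flow $target directly from $target."
}
```

Running it before and after a rule change gives a record of which rule carried the custom expression and confirms that the enabled rule is back on the default flow.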