Solved

Office 365 Azure AD Connect Sync Issues

Posted on 2016-09-19
10
109 Views
Last Modified: 2016-10-06
Hello
I have AD users that are non-employees but in our domain to use our SharePoint 2013 on-prem instance.  At the same time they are also a mail contact as they need to be in distribution groups.  We use Office 365 for Exchange Online and azure ad connect to sync our users from AD to Office 365.

Since this user has an email address in their profile and the same email for their mail contact I am getting an Identity synchronization Error Report for this selected user.  In the error description it notes the the user's ProxyAddress duplicated in active direct (mail contact).  But we actually need to the duplicates to exist.

Wondering if anyone has run into this issue and best way around the issue?
0
Comment
Question by:EA-170
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 4
  • 2
10 Comments
 
LVL 42

Assisted Solution

by:Vasil Michev (MVP)
Vasil Michev (MVP) earned 250 total points
ID: 41805317
You cannot have duplicate proxy addresses in O365. Simply change the proxyaddresses attribute of one of the objects. Or dont sync them both to the cloud (here's the article on how to exclude certain objects from sync: https://azure.microsoft.com/en-gb/documentation/articles/active-directory-aadconnectsync-configure-filtering/#configure-attribute-based-filtering)
0
 

Author Comment

by:EA-170
ID: 41805440
If I remove the proxyaddress from the mail contact being sync, will that break the mail contact?  This would be my apprehension with doing this, just want to make sure the mail contact would continue to exist and work
0
 
LVL 42

Expert Comment

by:Vasil Michev (MVP)
ID: 41805555
You need to have some address for it.
0
Office 365 Training for IT Pros

Learn how to provision tenants, synchronize on-premise Active Directory, implement Single Sign-On, customize Office deployment, and protect your organization with eDiscovery and DLP policies.  Only from Platform Scholar.

 
LVL 16

Expert Comment

by:Todd Nelson
ID: 41805668
Does the user have a mailbox on premises or a contact; or both?  If no mailbox, I would suppose the E-mail field under the General Tab is populated with the same address that was set for the contact and that is causing the conflict.

Am I understanding that correctly?
0
 

Author Comment

by:EA-170
ID: 41805840
Correct - user doesn't have a mailbox in either the cloud or on-prem but their external email is on the general tab.  That same external email address is their contact email address.
0
 
LVL 16

Accepted Solution

by:
Todd Nelson earned 250 total points
ID: 41805849
Is there a specific reason you have the E-mail field populated for that AD user?  I am certain that is what is causing the conflict.  It's not necessary to have anything in the field if there is no mailbox for the user.  Remove the unnecessary data in the field and the syncing will occur without error.

Alternatively, you could not sync the AD user to O365.  To do that, I suggest configuring OU and/or attribute filtering with AAD Connect to resolve.

AAD Connect Filtering References...
0
 

Author Comment

by:EA-170
ID: 41807495
We have SharePoint onsite and thought the email in the user's profile is sync from AD to SharePoint through the user profile service
0
 
LVL 16

Expert Comment

by:Todd Nelson
ID: 41807533
Unfortunately, I'm not familiar with SharePoint to say if it utilizes the Email field or not, or if that is what is required to be synchronized to SharePoint Online.

You could always test a theory by removing the email address and put the value back if it is needed.

I do know, however, that you cannot have duplicates across your AD objects or syncing will not occur for the conflicting objects until the conflict is resolved.
0
 
LVL 16

Expert Comment

by:Todd Nelson
ID: 41828754
EA-170,

Will you provide a status update to your request?
0
 

Author Closing Comment

by:EA-170
ID: 41831930
sorry for the lack of feedback - got caught up on another issue but was able to resolve by removing the email address in the proxy address attribute.
0

Featured Post

VIDEO: THE CONCERTO CLOUD FOR HEALTHCARE

Modern healthcare requires a modern cloud. View this brief video to understand how the Concerto Cloud for Healthcare can help your organization.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Always backup Domain, SYSVOL etc.using processes according to Microsoft Best Practices. This is meant as a disaster recovery process for small environments that did not implement backup processes and did not run a secondary domain controller that ne…
There are times when we need to generate a report on the inbox rules, where users have set up forwarding externally in their mailbox. In this article, I will be sharing a script I wrote to generate the report in CSV format.
A company’s greatest vulnerability is their email. CEO fraud, ransomware and spear phishing attacks are the no1 threat to a company’s security. Cybercrime is responsible for the largest loss of money to companies today with losses projected to r…
There are cases when e.g. an IT administrator wants to have full access and view into selected mailboxes on Exchange server, directly from his own email account in Outlook or Outlook Web Access. This proves useful when for example administrator want…

623 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question