JosephEstrada (Canada) asked:
Azure AD Connect synch issue

I've successfully migrated 70 emails from hosted Exchange to Office 365.
user.name@business.com to user.name@business.com
I then set up Azure AD Connect, to find that I needed to create an additional business.com UPN suffix because we had a business.local UPN.
I changed the UPN suffix for existing users, with naming convention buser@business.com, and added an SMTP email address in AD (b.user@business.com).

That being said, I now have a duplicate user, for each user:

Display name   Username               Status                     Sync Type
Bob User       buser@business.com     Unlicensed                 Synced with Active Directory
Bob User       b.user@business.com    Office 365 Enterprise E3   In cloud

I'm stuck now, with the domain username syncing instead of the email username.

See error here: (screenshot). Is there any hope? I can provide more info if needed.
Any suggestions appreciated.
Mahesh (India):

Run the IDFix tool from Microsoft on the DC server to identify where the duplication is.

The screenshot shows that you have a duplicate proxy address configured under the proxyAddresses AD user attribute.

You can export the IDFix output and fix errors manually or automatically. I prefer to fix errors manually, to avoid unnecessary changes from the automated way.

After that, disable the Azure AD sync process from Azure AD PowerShell:
Set-MsolDirSyncEnabled -EnableDirSync $false

For the above cmdlet to work you need the MSOnline module installed on a Win 10 workstation; you can install it, if it is not already there, by running the cmdlet Install-Module MSOnline.

After that, all O365 objects will be turned into cloud-only objects. Delete all duplicated objects from the cloud; before deleting those, make sure they are not associated with a mailbox.

After that, enable AD sync from the O365 side again from Azure AD PowerShell:
Set-MsolDirSyncEnabled -EnableDirSync $true

This will start the on-premises object sync process again; check whether the duplication occurs again.
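As an added illustration of the pre-sync audit Mahesh describes (example code written for this page; it is not part of his answer and is not IDFix), the following PowerShell lists on-premises users whose UPN differs from their primary SMTP address, and proxyAddresses values that occur on more than one object, which are the two conditions that produce the "Synced with Active Directory" duplicates shown in the question. It assumes the RSAT ActiveDirectory module on a domain-joined admin machine; the attribute names are the real AD ones and nothing else is assumed.

```powershell
# Added example, not from the thread: audit on-premises AD for UPN/SMTP mismatches
# and duplicate proxyAddresses before (re-)enabling Azure AD Connect.
# Assumes the RSAT ActiveDirectory module; run as a domain admin.
Import-Module ActiveDirectory

$users = Get-ADUser -Filter 'Enabled -eq $true' -Properties mail, proxyAddresses, userPrincipalName

# 1. Users whose UPN is not their primary SMTP address.
#    The primary address is the proxyAddresses entry with an upper-case "SMTP:" prefix.
Write-Host '--- UPN does not match primary SMTP ---'
foreach ($u in $users) {
    $primary = $u.proxyAddresses | Where-Object { $_ -clike 'SMTP:*' } | Select-Object -First 1
    if ($primary) { $primary = $primary.Substring(5) }          # strip "SMTP:"
    if ($primary -and ($u.userPrincipalName -ne $primary)) {
        [pscustomobject]@{
            SamAccountName = $u.SamAccountName
            UPN            = $u.userPrincipalName
            PrimarySmtp    = $primary
        }
    }
}

# 2. Any proxyAddresses value present on more than one object (what IDFix reports
#    as a duplicate). Addresses are compared case-insensitively, as Exchange does.
Write-Host '--- proxyAddresses values on more than one object ---'
$users |
    ForEach-Object {
        $sam = $_.SamAccountName
        $_.proxyAddresses | ForEach-Object {
            [pscustomobject]@{ SamAccountName = $sam; Address = $_.ToLower() }
        }
    } |
    Group-Object -Property Address |
    Where-Object { $_.Count -gt 1 } |
    ForEach-Object { "$($_.Name) is on: $($_.Group.SamAccountName -join ', ')" }
```

The first list is the set of accounts that will land in the tenant under a different username than the existing cloud account; the second list must be empty before sync is re-enabled, because Azure AD refuses to import an object whose proxy address already exists on another object.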
JosephEstrada (asker):
Thank you Mahesh.
I ran IDFix and fixed the errors manually.
I believe the root cause now is:

In Active Directory: user = buser@business.com, SMTP = b.user@business.com
In Office 365: user = b.user@business.com

Is there any way to reconcile the name difference?

(two screenshots)
What on-premises attribute are you syncing as the UPN for O365?

Is it mail or UPN?

It looks like you are syncing the mail attribute as the UPN, and that's creating the issue.

You should change the users' UPN to be the same as their email address and reconfigure AD Connect to sync UPN as UPN in the cloud, and it should resolve your issue.

I believe the UPN of the manually created users in the cloud is buser@business.com?
Or did you set email as UPN when you manually created users before configuring AD Connect?
You duplicated user objects when you installed AAD Connect AFTER migrating users. See here:
https://docs.microsoft.com/en-us/azure/active-directory/hybrid/how-to-connect-install-existing-tenant
I would stop sync, delete the duplicate users, hard match the existing ones, and reinstate sync. (This is the best course of action I can recommend based on the limited information provided here.)
See here for details on the match process (PowerShell scripting required):
https://www.itpromentor.com/soft-vs-hard-match/

The best way is to study the details of the process, write down a plan, and double-check it here.
ASKER CERTIFIED SOLUTION
Brian Murphy (United States of America)
This solution is only available to members of Experts Exchange.
I believe the migration was not hybrid, as the OP started using AAD Connect to sync users only after migrating those same users. The issue he is having does match the operations he told us he performed. Also, "cracking open the schema" sounds a bit drastic; you meant the AD database, I believe. Still, you may want to use scripting, e.g. PowerShell Set-ADUser, especially when you have more than a handful of users to fix.
Hard to lose with scripting, aka PowerShell. And yes, I meant the AD database, but many of those "attributes" I had to fix on a relatively recent "hybrid" migration I could only resolve by editing directly. Now, I had to migrate that customer from 2003 to 2008R2 to 2012R2, and Exchange from 2003 to 2010SP3 first, and fix a bunch of issues with AD prior... it was interesting, to say the least. (And yes, I'm talking as recently as 2017 on the 2003... it still exists.)
@OP:

As I recall, the UPN + primary SMTP address + proxy address must all match? Otherwise, you get duplicate users when you sync, and other issues.

The above is not a requirement, but it should be a recommendation.

If you could, please explain what the exact issue was and how you resolved it, in case it may help others.
Wow, what a weekend.

Here's what I did:

I deactivated "Active Directory synchronization" in Office 365.

Uninstalled AD Connect on the server.

Deleted the duplicate users in Office 365 (the ones synced out from AD with mycompany.onmicrosoft.com) and removed them from Azure AD, and then permanently deleted them from deleted items.

Brian Murphy gave me the clues:
"Specifically, the following attributes must match in the schema for all user objects (and must be unique):
proxyAddresses (must be the first one listed that matches the others)
userPrincipalName
targetAddress
Primary SMTP"

I ensured all of these were populated. I believe what was missing was the proxyAddresses attribute on the local AD user. I then ran AAD Connect setup once again on the server.

I have no duplicates! But I have about 5 out of 80 users that have not synced but are still "in cloud". These I hope to match via hard matching GUIDs. It's been a long weekend. That's for tomorrow. Thanks everyone!
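Worked example of the two remaining steps the thread ends on: aligning UPN, mail and proxyAddresses on the on-premises object as Brian Murphy's list requires, and the hard match of a cloud-only user that the earlier reply recommended and the OP plans for the 5 unsynced accounts. This is added example code, not the OP's script or any participant's. It assumes the RSAT ActiveDirectory module and the MSOnline module with Connect-MsolService already run, and that AAD Connect uses objectGUID as its sourceAnchor (newer installs default to ms-DS-ConsistencyGuid, which AAD Connect seeds from objectGUID, so the value is normally identical; if that attribute has been set to something else, base64-encode it instead). The function name Set-HybridIdentity and the sample names are placeholders; targetAddress is deliberately left alone because it only applies to mail users and remote mailboxes, not to the plain user objects in this thread.

```powershell
# Added example, not from the thread: make one on-premises user's identity attributes
# consistent and hard-match it to the existing cloud-only Office 365 account.
# Assumes: RSAT ActiveDirectory, MSOnline (Connect-MsolService already done),
# AAD Connect sourceAnchor = objectGUID, and directory sync currently disabled.
Import-Module ActiveDirectory

function Set-HybridIdentity {
    param(
        [Parameter(Mandatory)] [string] $SamAccountName,   # e.g. buser
        [Parameter(Mandatory)] [string] $PrimarySmtp       # e.g. b.user@business.com
    )
    $u = Get-ADUser -Identity $SamAccountName -Properties mail, proxyAddresses, userPrincipalName

    # 1. userPrincipalName = primary SMTP. business.com must already be a registered
    #    UPN suffix in the forest (the OP added it), otherwise this call fails.
    if ($u.userPrincipalName -ne $PrimarySmtp) {
        Set-ADUser -Identity $u -UserPrincipalName $PrimarySmtp
    }

    # 2. mail = primary SMTP.
    if ($u.mail -ne $PrimarySmtp) {
        Set-ADUser -Identity $u -EmailAddress $PrimarySmtp
    }

    # 3. Exactly one primary ("SMTP:" upper-case) entry in proxyAddresses, equal to the
    #    same address; keep any secondary ("smtp:", "SIP:", "X500:") entries as they are.
    $secondary = @($u.proxyAddresses | Where-Object { $_ -cnotlike 'SMTP:*' })
    $addresses = @("SMTP:$PrimarySmtp") + $secondary
    Set-ADUser -Identity $u -Replace @{ proxyAddresses = $addresses }

    # 4. Hard match: Azure AD's ImmutableId is the base64 form of the on-prem objectGUID
    #    bytes. Stamping it on the cloud-only user (identified by its UPN, which after
    #    step 1 equals the on-prem UPN) makes the next sync cycle join the two objects
    #    instead of creating a duplicate. ImmutableId can only be set while the cloud
    #    object is still cloud-only, i.e. before sync is re-enabled.
    $immutableId = [Convert]::ToBase64String($u.ObjectGUID.ToByteArray())
    Set-MsolUser -UserPrincipalName $PrimarySmtp -ImmutableId $immutableId

    return $immutableId
}

# Placeholder names taken from the question.
Set-HybridIdentity -SamAccountName 'buser' -PrimarySmtp 'b.user@business.com'
```

Run this for each of the accounts still showing "In cloud", then re-enable directory sync (Set-MsolDirSyncEnabled -EnableDirSync $true) and confirm in the portal that each user now shows "Synced with Active Directory" with the licensed cloud account, rather than a second unlicensed entry. If Set-MsolUser reports that the ImmutableId cannot be changed, the cloud object is already linked to a synced object and a hard match is not possible without first removing that link.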
Thanks for the update Joseph and glad to hear it is working as expected.