Unable to update this object in Azure Active Directory, because the attribute [MailNickname], is not valid.

Christian Hans
Christian Hans used Ask the Experts™
RE: Azure AD Connect

I keep getting Azure AD Connect error on one particular user account every time a sync is performed.

Identity synchronization Error Report:

Identity | Joe.Smith@contoso.com
Error Description | Unable to update this object in Azure Active Directory, because the attribute [MailNickname], is not valid. Update the value in your local directory services.

The problem is:

1) the account is actually disabled in AD on-prem
2) I cannot find the account in Azure AD or exchange online (using get-msoluser and get-user and get-recipient or portal.azure.com)
2) the account in our On-Prem AD, the MailNickname property is none when I look in the Attribute Editor.

Does anyone have any suggestions on what to try to fix this?

Thank in advance.
Watch Question

Do more with

Expert Office
EXPERT OFFICE® is a registered trademark of EXPERTS EXCHANGE®
Distinguished Expert 2018

check account in deleted user container in O365 portal, if found their, delete it from there as well
Also make sure account is moved out of AD sync OUs
Christian HansUndecided...


Yes, I have tried that too. I ran the commands with the Get-MsolUser –ReturnDeletedUsers and the account still wasnt found.
Distinguished Expert 2018

check if accounts stored in contacts anywhere in O365 / onpremise
Ensure you’re charging the right price for your IT

Do you wonder if your IT business is truly profitable or if you should raise your prices? Learn how to calculate your overhead burden using our free interactive tool and use it to determine the right price for your IT services. Start calculating Now!

RobertSystem Admin

It could be an actual invalid entry.
Is the attribute listed as <not set> or is the word none entered?
if it is none then delete out the attribute.

or you could manually enter a valid alias that is not already in use.
Christian HansUndecided...


Sorry, It's actually <not set>

It doesn't have a mailbox, so that's what is also weird. The mailnickname shouldn't be set if there's no mailbox.
Christian HansUndecided...


Seems like the only way top stop the Sync errors is to delete the account... but as soon as I recreate it, the errors start up again.

# In AAD

Get-AzureADUser -ObjectId "Joe.Smith@contoso.com"
Get-AzureADUser : Error occurred while executing GetUser
Code: Request_ResourceNotFound
Message: Resource 'Joe.Smith@contoso.com' does not exist or one of its queried reference-property objects are not present.

Get-ADUser -Identity "Joe.Smith@contoso.com"
Get-ADUser : Cannot find an object with identity: 'Joe.Smith@contoso.com' under: 'DC=contoso,DC=com'.

# On-Prem

Get-User -Identity "Joe.Smith@contoso.com"

Name                  RecipientType
----                  -------------
Joe.Smith@contoso.com       User        

In the Attribute Editor the MailNickname attribute is set to <not set>

I'm stuck...
I decided to just remove it from Syncing to O365. I couldn't figure it out. It was a template and not really necessary to sync.

Do more with

Expert Office
Submit tech questions to Ask the Experts™ at any time to receive solutions, advice, and new ideas from leading industry professionals.

Start 7-Day Free Trial