Unable to update this object in Azure Active Directory, because the attribute [MailNickname], is not valid.

RE: Azure AD Connect

I keep getting an Azure AD Connect error on one particular user account every time a sync is performed.

Identity synchronization Error Report:

Identity | Joe.Smith@contoso.com
Error Description | Unable to update this object in Azure Active Directory, because the attribute [MailNickname], is not valid. Update the value in your local directory services.

The problem is:

1) The account is actually disabled in AD on-prem.
2) I cannot find the account in Azure AD or Exchange Online (using Get-MsolUser, Get-User and Get-Recipient, or portal.azure.com).
3) For the account in our on-prem AD, the MailNickname property is none when I look in the Attribute Editor.

Does anyone have any suggestions on what to try to fix this?

Thanks in advance.
Christian Hans (Undecided...) Asked:

Mahesh (Architect) Commented:
Check the account in the deleted users container in the O365 portal; if found there, delete it from there as well.
Also make sure the account is moved out of the AD sync OUs.
Christian Hans (Undecided...) Author Commented:
Yes, I have tried that too. I ran the commands with the Get-MsolUser -ReturnDeletedUsers and the account still wasn't found.
Mahesh (Architect) Commented:
Check if accounts are stored in contacts anywhere in O365 / on-premises.
Robert (System Admin) Commented:
It could be an actual invalid entry.
Is the attribute listed as <not set> or is the word none entered?
If it is none, then delete out the attribute.

Or you could manually enter a valid alias that is not already in use.
Christian Hans (Undecided...) Author Commented:
Sorry, it's actually <not set>.

It doesn't have a mailbox, so that's what is also weird. The mailnickname shouldn't be set if there's no mailbox.
Christian Hans (Undecided...) Author Commented:
Seems like the only way to stop the sync errors is to delete the account... but as soon as I recreate it, the errors start up again.

# In AAD

Get-AzureADUser -ObjectId "Joe.Smith@contoso.com"
Get-AzureADUser : Error occurred while executing GetUser
Code: Request_ResourceNotFound
Message: Resource 'Joe.Smith@contoso.com' does not exist or one of its queried reference-property objects are not present.

Get-ADUser -Identity "Joe.Smith@contoso.com"
Get-ADUser : Cannot find an object with identity: 'Joe.Smith@contoso.com' under: 'DC=contoso,DC=com'.

# On-Prem

Get-User -Identity "Joe.Smith@contoso.com"

Name                  RecipientType
----                  -------------
Joe.Smith@contoso.com       User        

In the Attribute Editor the MailNickname attribute is set to <not set>

I'm stuck...