Directory Synchronization error in Office365 for specific user
Problem Description :
The error "Unable to update this object because the following attributes associated with this object have values that may already be associated with another object in your local directory services:" appears in DirSync or is emailed to the primary account holder (laurah@gordonstate.edu).
Resolution :
EXAMPLE ERROR BELOW:
Received a Directory Synchronization error email notification: "Unable to update this object because the following attributes associated with this object have values that may already be associated with another object in your local directory services: [SignInName km189650@gordonstate.edu;]. Correct or remove the duplicate values in your local directory. Please refer to http://support.microsoft.com/kb/2647098 for more information on identifying objects with duplicate attribute values. /ru3jR7AB06cq/g+Bs7SNg=="
RESOLUTION:
You can follow the steps in either option below to resolve the issue. If the user does not have a mailbox assigned in Office365 (in Gordon's case a user should never have one), then OPTION 2 is the quickest method.
OPTION 1:
Perform a "hard match" of the "Object Guid" of the user in AD as "Immutable ID" of the "in cloud" user.
1) Export an LDIF dump of all the users in AD
i) On a Domain Controller, open a CMD prompt in elevated mode.
ii) Run the command Ldifde -f Dump.txt
iii) Open the file "Dump.txt" and search for the UPN (username@gordonstate.edu) for which the error is reported.
iv) Copy the "Object Guid" of the corresponding UPN. (If a beginning forward slash (/) exists in the Object Guid, don't include it when copying/recording the GUID.)
2) On DirSync server (Penguin), open Azure Active Directory Module for Windows PowerShell from desktop
3) In Azure AD for PowerShell, type the cmdlet Connect-MsolService and enter the Office365 admin credentials (gordonsync@gordonstateedu.onmicrosoft.com).
4) Once the prompt appears again, perform the user attribute "Hard Match" using the cmdlet Set-MsolUser -UserPrincipalName [CurrentUPN] -ImmutableId [Object Guid], which sets the "Object Guid" as the "Immutable ID" for the user. (Note: In place of [CurrentUPN] type the user's UPN and in place of [Object Guid] type the Guid you copied from the LDIF dump - without the beginning forward slash).
5) Next, open DirSyncConfigShell from the desktop and run a full sync using the PowerShell cmdlet Start-OnlineCoexistenceSync -FullSync
6) The user should now sync successfully to the O365 cloud.
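A read-only check that can be run before the hard match in OPTION 1, shown as an added example (not part of the original article): it lists every local AD object that holds the SignInName from the error and puts each object's objectGUID, Base64-encoded, next to the cloud user's current Immutable ID. The function name Get-DirSyncConflictReport is hypothetical; the script assumes PowerShell 3.0 or later, the ActiveDirectory and MSOnline modules, and a session in which Connect-MsolService has already been run.

```powershell
# Added example: read-only report, changes nothing in AD or in Office365.
# Assumes Connect-MsolService has already been run in this session.
Import-Module ActiveDirectory
Import-Module MSOnline

function Get-DirSyncConflictReport {   # hypothetical helper name
    param(
        # SignInName from the error e-mail. Values containing LDAP filter
        # metacharacters are rejected instead of being placed in the filter.
        [Parameter(Mandatory = $true)]
        [ValidatePattern('^[^\\*()\s]+@[^\\*()\s]+$')]
        [string]$SignInName
    )

    # Every local object holding the value as UPN, mail or proxy address.
    # More than one result is the duplicate the error message refers to.
    $filter = "(|(userPrincipalName=$SignInName)(mail=$SignInName)" +
              "(proxyAddresses=smtp:$SignInName))"
    $local = @(Get-ADObject -LDAPFilter $filter -Properties userPrincipalName, mail)

    # Cloud object with the same UPN, if one exists. An "In Cloud" user has
    # an empty ImmutableId and no LastDirSyncTime.
    $cloud = Get-MsolUser -UserPrincipalName $SignInName -ErrorAction SilentlyContinue

    foreach ($o in $local) {
        # The 16 raw GUID bytes, Base64-encoded: the form in which the
        # objectGUID is compared with the cloud ImmutableId.
        $anchor = [System.Convert]::ToBase64String($o.ObjectGUID.ToByteArray())
        [pscustomobject]@{
            DistinguishedName = $o.DistinguishedName
            ObjectClass       = $o.ObjectClass
            UserPrincipalName = $o.userPrincipalName
            Mail              = $o.mail
            ObjectGuidBase64  = $anchor
            CloudImmutableId  = $cloud.ImmutableId
            CloudLastDirSync  = $cloud.LastDirSyncTime
            # -ceq: Base64 is case-sensitive, PowerShell's -eq is not.
            AlreadyMatched    = [bool]($cloud -and $cloud.ImmutableId -ceq $anchor)
        }
    }
}

# Replace the placeholder UPN with the SignInName from the error message.
Get-DirSyncConflictReport -SignInName 'username@gordonstate.edu' | Format-List
```

More than one row means the value really is duplicated in the local directory and has to be corrected there, as the error text says; a single row with an empty CloudImmutableId is the unmatched "In Cloud" user that both options address.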
OPTION 2:
You can just delete the user from the cloud and do a fresh AD sync as long as the status in the cloud for the user shows "In Cloud". Keep in mind this would not work if the user had a cloud-based mailbox but since Gordon only has a license for Student Advantage this method will work just fine.
1) Log in to the O365 portal and delete the "in cloud" user under Users > Active Users.
2) Run a sync cycle using the PowerShell cmdlet Start-OnlineCoexistenceSync within DirSyncConfigShell on Penguin.
3) The user with the error should now be synced successfully to AD in the cloud. The O365 portal should now show a status of 'Synced with Active Directory'.
Revision Date : 5/26/2015