SipProxyAddress AttributeConflictValues while syncing AD On-Premises to Ahzure AD

In some cases, where you have the same user in On-Premises AD and Office 365 Azure AD, synchronization may fail. Fixing a common DirSync/ AAD Connect issue with duplicate cloud account.
This is due to the SOFT MATCH (UPN and ProxyAddesses), you must use HARD MATCH.
The duplicate error, which means the Local AD account and the cloud account did not merger due to Immutable ID mismatch.


ExtraErrorDetails:

[{"Key":"ObjectId","Value":["677e2ead-14e8-4e18-9b25-49d5c75472f1"]},{"Key":"ObjectIdInConflict","Value":["7505ed65-e7f5-4dca-9f78-2617a247f047"]},
{"Key":"AttributeConflictName","Value":["SipProxyAddress"]},{"Key":"AttributeConflictValues","Value":["UserName@domain.com"]}]



$upn user@domain.com 
$GUID = (Get-ADUser -Filter {UserPrincipalName -eq $upn}).ObjectGUID 
$ImmutableID = [System.Convert]::ToBase64String($GUID.tobytearray()) 
Set-MSOLuser -UserPrincipalName $upn -ImmutableID $immutableID

This fixes the issue. 

Some more verifying the ImmutableID:
Get-MsolUser | ft UserPrincipalName,immutableid,lastdirsync* UserPrincipalName

if you have sourceanchor issue, try setting the ImmutableID to $null
Set-MSOLUser -UserPrincipalName user@domain.com -ImmutableID "$null"

Issue with user newly created in Azure AD in the format of user{4-digit}@domain.com.
You must delete the Online USer and remove this object from recycle bin.
Remove-MsolUser -UserPrincipalName user2345@domain.com -RemoveFromRecycleBin

Note:
https://support.microsoft.com/en-us/help/2647098/duplicate-or-invalid-attributes-prevent-directory-synchronization-in-o
https://support.microsoft.com/en-us/help/2643629/one-or-more-objects-don-t-sync-when-the-azure-active-directory-sync-to
https://support.microsoft.com/de-de/help/2430520/error-in-the-office-365-portal-value-of-msrtcsip-primaryuseraddress-or
https://docs.microsoft.com/en-us/azure/active-directory/hybrid/how-to-connect-syncservice-features

Comments

  1. In your solution, line 3 generates an error on my 2016 server - "You cannot call a method on a null-valued expression."

    ReplyDelete
    Replies
    1. Hi, this is because a typo in the first line:
      $upn = user@domain.com
      the equal is missing

      Delete
    2. Thanks Thomas, but no, I spotted that and fixed it (you also need quotes round the email address). Still got the error...

      Delete
    3. This is honestly wired. The error tells you, that ToBase64String($GUID.tobytearray() is empty/ has no value/ the transformed expression should be empty. can you check, the result if ToBase… only

      Delete

Post a Comment

Popular posts from this blog

Skype for Business, Lync and Exchange Web Services (EWS) and different DNS Domains- Exchange crawling e.g. for presence

Lync 2013 Client, Desktop Sharing shows blank screen (Windows 7, Windows 8, Windows 8.1)

File Share Perfomance for Skype for Business (slow conference join, slow address book)