Active Directory objects don't sync when Azure Active Directory tool is used

The first indication of problems in Azure Active Directory synchronization is an error mail from Azure AD or an error in the Azure AD health connect.

Possible causes:

• The domain values used by AD DS attributes are unverified.
• One or more attributes (for example, UserPrincipalName) have a duplicate attribute value.
• Attribute values for one or more attributes might exceed the prescribed length.
• One or more attributes match the exclusion rules for AD synchronization.

Solution 1:

Run the IdFix error remediation tool. It is a tool for diagnosis and remediation of objects and their respective attributes in an Active Directory environment. It used by IT administrators as a preparatory measure before migration to Azure Active Directory. You can install it from here and learn more about it here.

Solution 2:

Ensure there are no rule violations, duplication or scoping exclusions by updating the AD DS attributes. You can do this by identifying the attributes which prevent synchronization based on the information like Office 365 deployment readiness tool reports, Default directory synchronization scoping tool, etc.

Solution 3:

Use the Simple Mail Transfer Protocol (SMTP) attribute to map the on-premise user object to an existing user object for directory synchronization. To know more information about this, check out this MS documentation.

Solution 4:

In case the user account's UPN has been updated between two synchronization cycles, manually update the UPN of the specific user account.

ADManager Plus simplifies management of user accounts with purpose-built features to:

• Manage Active Directory, Office 365, Exchange, Skype for Business and more from a single window.
• Perform AD administration tasks with a purely GUI-based console.
• Generate reports about AD objects without scripting; includes 200+ built-in reports.
• Automate repetitive AD tasks, and more.

Download the 30-day fully functional ADManager Plus trial now!