If a user isn't syncing to Office 365 (hereby known as O365), the user probably has duplicate attributes. e.g. same e-mail address / proxy address etc
To find the offending item run the following in command prompt:
ldifde -f filename.ldf -d "CN=username,OU=users,DC=domain,DC=com"
open the file and look for objectGUID e.g. yv3teZPLCRijv1MhJ9BeHP==
Now open up Azure Powershell and run: connect-msolservice
log on
run
get-msoluser -userprincipalname username@domain.com |fl > c:\sources\username.txt
Open this TXT file
Look for
ImmutableID
This is the O365 version of objectGUID
If they are the same, this is probably not causing the sync problem. Investigate other reasons.
If they are different......
Open up DirSync (FIM Sync Engine) on the DirSync server
C:\Program Files\Windows Azure Active Directory Sync\SYNCBUS\Synchronization Service\UIShell\miisclient.exe
Go to MetaVerse Search
search for
Source Anchor and the enter the GUID - to see which user is syncing...
Now, on prem, run the following LDIFDE domain dump (yes the whole thing):
ldifde -f domaindump.ldf -d "DC=domain, DC=com"
it may take a long time!
Open this file when its completed downloading using notepad++ - normal Notepad will probably crash if you have a large directory.
Now do a search for the objectGUID which is synced to O365, this will show you the offending account that probably has a duplicate mail address.
No comments:
Post a Comment