Azure AD connect sync import problems with cn=RegisteredDevices

Question

I noticed in Azure AD Connect log that there is a problem with import phase for domain connector. Log shows more than 5000 errors like:
status: discovery-errors

discoveryErrors: cn=xxx,CN=RegisteredDevices,DC=domain,DC=com exported-change-not-reimported

in OU filter on connector - RegisteredDevices OU is selected to be synced to AzureAD and DeviceWriteback is enabled in AADconnect configuration.
It is set to synchronize all objects from domain(whole root domain is ticked in OU filter)

how it can be solved - to reduce number of errors? current number of errors extends significantly default 30 minutes sync interval.

Answer 1

@NowAcc-5991In general, there are a few possible causes for this.

• A Change was made to the user object in the on-premise Active Directory domain containing an attribute value that exceeds the maximum allowable character length of the attribute. For instance, an extension_attribute being populated with a large amount of text totaling more than the maximum allowable number of characters for that attribute. The maximum is 448 characters so any value larger than that could cause this error. It's allowable in the on-premise Active Directory user properties, but not as a synced object. When it syncs, the attribute value doesn't make it back in on the next import
• There is an on-premise Active directory policy that will not allow the change to be made
• There was a change made to the synced object before the object was imported again. An example of this would be that during a delta sync cycle a change was written to the synced user object. Before the next import was run, another change was made to the on-premise Active Directory object and then a manual sync and then manual export were run without first running an import.

You might need to open a support case if you are not able to identify any of the causes as listed above.