Shawn888-0280 asked ·

Issue with Ad Sync Account

Hi All
I am currently implementing password hash sync for my local AD and Azure AD. This was actually a half-done project by my previous guy, who had left, and I am picking it up to continue it. The first thing I did was to uninstall the old Azure AD Connect from another server, which I assume should have removed any old connection or configuration settings, and I set up another one on a different server with all the new sync configuration. I created a new OU for sync testing and moved a few users over.
I ran into some duplicate issues, which I was able to clear, besides the one shown in the attachment. I figured out that the account must have been either created first in Azure AD or already synced to an old domain server by the previous guy, because the username in that problematic account that synced with the Active Directory is definitely incorrect from what I see inside the AD server. I need to at least know whether what I suspect is correct.

To make the matter more complex, the company were cloud users first and the local AD started appearing after that. They have also migrated from an old AD domain to a new AD domain.
azure-active-directory
error-2.png (41.8 KiB)
error-1.png (408.4 KiB)

GK87 answered ·

At first: Please remove the sensitive user information!

Have a look at this article followed by the solutions mentioned in this article which should help you on the way.

(Sorry for the short message, just wanted to warn you on the sensitive user information you've supplied)


Hi GK87
Thank you for the advice. I will amend out the sensitive details.

0 Votes 0 ·
LukasBeran answered ·

What is the UPN for the affected user in on-prem AD? What UPN suffix does it have? I think you have the wrong UPN suffix for this user. This user account should have the justcoglobal.com UPN suffix. Then start an initial sync (Start-ADSyncSyncCycle -PolicyType Initial)


Hi Lukas
The UPN in the local AD is definitely correct, which makes me even more puzzled. I was wondering if it has already been synced to a previous old domain name instead?

0 Votes 0 ·
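
An added example, not written by anyone in this thread: one way to run the UPN and suffix check asked about above across the whole test OU before starting the initial sync, and to print the value that would be used as the source anchor so it can be compared with the cloud account. The function name and its parameters are illustrative, and it assumes the ActiveDirectory (RSAT) module and a source anchor of mS-DS-ConsistencyGuid with objectGUID as the fallback.

```powershell
# Added example (not from the thread). Requires the ActiveDirectory module (RSAT).
# Get-SyncUpnReport, -SearchBase and -ExpectedSuffix are illustrative names.
function Get-SyncUpnReport {
    param(
        [Parameter(Mandatory)] [string] $SearchBase,      # DN of the sync test OU
        [Parameter(Mandatory)] [string] $ExpectedSuffix   # UPN suffix verified in Azure AD
    )

    # Suffixes this forest can assign: each domain's DNS name plus alternate UPN suffixes.
    $forest = Get-ADForest
    $known  = @($forest.Domains) + @($forest.UPNSuffixes)
    if ($known -notcontains $ExpectedSuffix) {
        Write-Warning "$ExpectedSuffix is not a UPN suffix in this forest"
    }

    Get-ADUser -SearchBase $SearchBase -Filter * `
               -Properties 'mS-DS-ConsistencyGuid', proxyAddresses |
        ForEach-Object {
            $upn    = [string]$_.UserPrincipalName
            $suffix = if ($upn -match '@') { $upn.Split('@')[-1] } else { '' }

            # Assumption: anchor is mS-DS-ConsistencyGuid when populated, else objectGUID.
            $anchorBytes = $_.'mS-DS-ConsistencyGuid'
            if (-not $anchorBytes) { $anchorBytes = $_.ObjectGUID.ToByteArray() }

            # Primary SMTP address is the proxyAddresses entry with upper-case "SMTP:".
            $primary = $_.proxyAddresses | Where-Object { $_ -clike 'SMTP:*' }

            [pscustomobject]@{
                SamAccountName = $_.SamAccountName
                UPN            = $upn
                SuffixOk       = ($suffix -ieq $ExpectedSuffix)
                PrimarySmtp    = $primary -join ';'
                SourceAnchor   = [Convert]::ToBase64String([byte[]]$anchorBytes)
            }
        }
}

# Review the report and correct any row where SuffixOk is False, then,
# on the Azure AD Connect server, run the command from the answer above:
# Start-ADSyncSyncCycle -PolicyType Initial
```

SourceAnchor is the value to compare with the cloud account's ImmutableId; a different ImmutableId on the cloud side would mean that account is anchored to another on-premises object.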