KB ID 0001588
Problem
I was doing some work for a School recently, their staff were already using Office 365 and their tenancy was all setup. Now they wanted to roll Office 365 out to the pupils, and sync to their on premises Active Directory.
Now we could have simply excluded the staff from the Azure AD Connect Sync, but they want to manage their passwords etc. on-premises. Microsoft will tell you if you DON’T have an on-premises Exchange (they didn’t), then you simply need to enter the correct email address on the user object and the correct accounts will match up and sync, however they did not, this happened instead;
Unable to update this object because the following attributes associated with this object have values that may already be associated with another object in your local directory services: [ProxyAddresses SMTP:username@domain-name.com;]. Correct or remove the duplicate values in your local directory. Please refer to http://support.microsoft.com/kb/2647098 for more information on identifying objects with duplicate attribute values.
Tracking Id: 2b68528a-695a-4c5e-9b4f-7ec471e5f38c
ExtraErrorDetails:
[{“Key”:”ObjectId”,”Value”:[“6ef8d8d0-2893-4d46-83e3-bf819ea607d2”]},{“Key”:”ObjectIdInConflict”,”Value”:[“56a72044-de5b-43ce-82b1-edb82c80395e”]},{“Key”:”AttributeConflictName”,”Value”:[“ProxyAddresses”]},{“Key”:”AttributeConflictValues”,”Value”:[“SMTP:username@domain-name.com“]}]
OK, I’ve worked A LOT with Exchange and I know that ProxyAddress and Email address are related, but not the same AD attribute. But changing that didn’t fix the problem either?
Solution
Well we are syncing on-premises Active Directory and Azure Active Directory, and we DON’T want to change anything on site. So logically wherever the ‘fix’ is, it will be in Azure. (If you only ever use the Office 365 portal then buckle up)
Within Office 365 Admin > Admin Centers > Azure Active Directory.
Welcome to Azure! > Azure Active Directory > Azure AD Connect > Connect Health.
Sync errors.
Duplicate Attribute.
Select the affected user(s) > Troubleshoot.
Double check it is the same user! (If you get this wrong all manner of carnage will unfold!) Yes > Apply Fix > Confirm.
Now wait for a directory replication, (or force one manually with PowerShell). The errors should now cease.
Related Articles, References, Credits, or External Links
AAD Contains Another Object With The Same DN
14/05/2020
Same issue for me supporting a company, but get a “User with conflicting attribute is soft deleted in Azure Active Directory. Ensure the user is hard deleted before retrying” error when I try to apply the fix. How should that be resolved without losing any data?
25/11/2020
Same here. Have case open with MS on this and hoping for an update tomorrow. Having followed the guide and got the soft delete warning I found my O365 account in the deleted Users folder 🙁
06/07/2020
Thank you Pete for another great post! I had exactly the same scenario and this worked like a BOSS! I tried the MS suggested fix and also did nothing for me.
07/07/2020
Thanks Justin
20/12/2020
Thank you Pete.
I tried to fix it before with powershell and it doesn’t work me. Exactly the same issue with one account only.
After this simple steps everything synchronized and work well!
12/02/2021
Thank you , your article led me to the resolution – for me I didnt have the troubleshoot link active but looking at Duplicate Error part in your post I saw that the object was related to a distribution group where the owner was the dupe UPN. Thanks!!
23/02/2021
Does this preserve the mailbox if the account is created in cloud?
25/02/2021
I can’t answer sorry.
05/03/2021
thaaanks for this article!! i had exactly the same problem, but now it works.