AAD Contains Another Object With The Same DN

KB ID 0001638

Problem

I’ve seen this a few times now: I’ve had users that will not sync from Active Directory to Azure Active Directory (Office 365). When you look to see why, you will see something like:

AAD contains another object with the same DN

The Connector {Your-Domain}.onmicrosoft.com – AAD contains another object with the same DN which is already connected to the MV.

Note: For the uninitiated, DN is Distinguished Name, and MV is MetaVerse.

If you attempt to troubleshoot the sync, you may also see something like this:

Is not found in AAD Connector space

Object {Distinguished-Name} is not found in AAD Connector Space.

Solution

First we need to temporarily halt the sync:

Set-ADSyncScheduler -SyncCycleEnabled $False

Stop Azure AD Sync

Then launch Synchronization Service Manager > Connectors > Select your AAD Connector > Delete > Delete connector space only > Yes.

Note: Whoa! It says I’m going to lose data, what are we doing?

Well, we are essentially removing all the ‘cached’ objects associated with this connector; I think about it like ‘flushing the cache’. I’ve never seen this operation break anything, and I’ve certainly never ‘lost’ anything.

AAD Delete Connector Space

While it’s still running, do the same with your local AD connector.

Local AD Delete Connector Space

Start the sync scheduler again.

Set-ADSyncScheduler -SyncCycleEnabled $True

Start Azure AD Sync

Perform a Full Import on your AAD connector.

AAD Perform Full Import

With the above still running, you can repeat a Full Import on your AD Connector.

AD Perform Full Import

Providing the full import has finished (i.e. the connector says ‘idle’), perform an Export on the AAD Connector.

AAD Perform Export

Providing the full import has finished (i.e. the connector says ‘idle’), perform an Export on the Local AD Connector.

AD Perform Export

You can then force an AAD sync, and go have a coffee.
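The steps above as one PowerShell session, added here as an example and not the author's own script. The connector names are placeholders, the run-profile names are assumed to be the Azure AD Connect defaults, and the run profiles execute one after another rather than in parallel.

```powershell
# Added example, not the author's code. Run in an elevated session on the
# Azure AD Connect server. Connector names are placeholders (assumption):
# list the real ones with Get-ADSyncConnector | Select-Object Name, Type.
Import-Module ADSync
$AadConnector = '{Your-Domain}.onmicrosoft.com - AAD'
$AdConnector  = '{Your-AD-Domain}'

function Wait-SchedulerIdle {
    # Hold until no scheduled sync cycle is in progress.
    while ((Get-ADSyncScheduler).SyncCycleInProgress) { Start-Sleep -Seconds 10 }
}

function Invoke-Step {
    param([string]$Connector, [string]$RunProfile)
    Wait-SchedulerIdle
    # Synchronous: returns once the run profile has finished.
    $run = Invoke-ADSyncRunProfile -ConnectorName $Connector `
        -RunProfileName $RunProfile -ErrorAction Stop
    # Record the result string reported by the cmdlet for this run.
    [pscustomobject]@{
        Connector  = $Connector
        RunProfile = $RunProfile
        Result     = $run.Result
    }
}

# 1. Halt the scheduler once any running cycle has ended.
Wait-SchedulerIdle
Set-ADSyncScheduler -SyncCycleEnabled $False

# 2. Manual step from the article: delete both connector spaces in
#    Synchronization Service Manager, then continue here.
Read-Host 'Delete both connector spaces, then press Enter' | Out-Null

# 3. Re-enable the scheduler, as the article does before the imports.
Set-ADSyncScheduler -SyncCycleEnabled $True

# 4. Full Import on both connectors, then Export on both.
$results = @(
    Invoke-Step $AadConnector 'Full Import'
    Invoke-Step $AdConnector  'Full Import'
    Invoke-Step $AadConnector 'Export'
    Invoke-Step $AdConnector  'Export'
)
$results | Format-Table -AutoSize

# 5. Force a sync. Delta is an assumption; the article names no policy type.
Wait-SchedulerIdle
Start-ADSyncSyncCycle -PolicyType Delta
```

Review the Result column before relying on the final sync; any value other than success points at the run history entry to inspect in Synchronization Service Manager.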

Related Articles, References, Credits, or External Links

Azure AD Connect: Correct Or Remove Duplicate Values

Author: PeteLong


5 Comments

  1. Thanks for this info. These actions finally solved my problems.

    Instead of the last 4 actions (twice Full Import and twice Export) it is easier to do:
    Start-ADSyncSyncCycle -PolicyType Initial

    • Isn’t this the solution to skip all above steps? I.e. is it necessary to do all the steps before re-enabling the sync schedule?

  2. That solved my problems too.

    Thanks a lot man!

  3. Hello,

    I would just highlight that this is not a solution, and this is not supported by Microsoft at all. If you are doing this, your AAD Connect instance became unsupported.

    • Well, I learned of this solution by watching a Microsoft Support Engineer perform it on a production AD instance. And if you’re happy about it or not, if it resolved the problem it IS a Solution. If you would like to post a link to somewhere where this method is disavowed by Microsoft, I’ll happily take the post down. But at least post an alternate solution to the problem.

      P
