AAD Contains Another Object With The Same DN

KB ID 0001638

Problem

I’ve seen this a few times now: I’ve had users that will not sync from Active Directory to Azure Active Directory (Office 365). When you look to see why, you will see something like;

The Connector {Your-Domain}.onmicrosoft.com – AAD contains another object with the same DN which is already connected to the MV.

Note: For the uninitiated, DN is Distinguished Name, and MV is MetaVerse.

If you attempt to troubleshoot the sync, you may also see something like this;

Object {Distinguished-Name} is not found in AAD Connector Space.

Solution

First we need to temporarily halt the sync;

[box]

Set-ADSyncScheduler -SyncCycleEnabled $False

[/box]

Then launch Synchronization Service Manager > Connectors > Select your AAD Connector > Delete > Delete connector space only > Yes.

Note: Whoa! It says I’m going to lose data, what are we doing?

Well, we are essentially removing all the ‘cached’ objects associated with this connector; I think about it like ‘flushing the cache’. I’ve never seen this operation break anything, and I’ve certainly never ‘lost’ anything.

While it’s still running, do the same with your local AD connector.

Start the sync scheduler again.

[box]

Set-ADSyncScheduler -SyncCycleEnabled $True

[/box]

Perform a Full Import on your AAD connector.

With the above still running, you can repeat a Full Import on your AD Connector.

Providing the full import has finished (i.e. the connector says ‘idle’), perform an Export on the AAD Connector.

Providing the full import has finished (i.e. the connector says ‘idle’), perform an Export on the Local AD Connector.

You can then force an AAD sync, and go have a coffee.
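The import, export and sync steps above can also be driven from PowerShell on the Azure AD Connect server. This is an added example, not part of the original article: the two connector names are placeholders to replace with the names shown on the Connectors tab, the run profile names assume the default 'Full Import' and 'Export' profiles, and using the Initial policy for the final forced sync is an assumption.

```powershell
# Added example (not from the original article).
# Run in an elevated session on the Azure AD Connect server, AFTER both
# connector spaces have been deleted in Synchronization Service Manager.
param(
    # Placeholder names: copy the real ones from the Connectors tab.
    [string]$AadConnector = '{Your-Domain}.onmicrosoft.com - AAD',
    [string]$AdConnector  = '{Your-Local-AD-Connector}'
)

Import-Module ADSync

function Wait-SyncIdle {
    # Get-ADSyncConnectorRunStatus only returns connectors that are running,
    # so an empty result means every connector shows 'idle'.
    while ((Get-ADSyncConnectorRunStatus) -or
           (Get-ADSyncScheduler).SyncCycleInProgress) {
        Start-Sleep -Seconds 10
    }
}

function Invoke-ConnectorStep {
    param([string]$Connector, [string]$RunProfile)
    Wait-SyncIdle
    Write-Host "Running '$RunProfile' on '$Connector'"
    # Print the run result so a failed step is visible before continuing.
    Invoke-ADSyncRunProfile -ConnectorName $Connector -RunProfileName $RunProfile |
        Format-List
}

# Start the sync scheduler again.
Set-ADSyncScheduler -SyncCycleEnabled $true

# Same order as the article: imports first, then exports.
Invoke-ConnectorStep -Connector $AadConnector -RunProfile 'Full Import'
Invoke-ConnectorStep -Connector $AdConnector  -RunProfile 'Full Import'
Invoke-ConnectorStep -Connector $AadConnector -RunProfile 'Export'
Invoke-ConnectorStep -Connector $AdConnector  -RunProfile 'Export'

# Force a sync. 'Initial' (full cycle) is an assumption; the article only
# says to force an AAD sync.
Wait-SyncIdle
Start-ADSyncSyncCycle -PolicyType Initial

# Confirm the scheduler is enabled again.
Get-ADSyncScheduler | Select-Object SyncCycleEnabled, SyncCycleInProgress
```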
