Fixing ADConnect Sync Errors
Office 365 (ADConnect) Friday, 03 April 2020 by paul

Sometimes there are synchronisation errors when syncing on-premise AD accounts to Azure AD using ADConnect.

The users with errors can be listed in PowerShell using the following script:

Connect-MsolService

# List users and reason for sync error
Get-MsolUser -HasErrorsOnly -All | ft DisplayName,UserPrincipalName,@{Name="Error";Expression={($_.errors[0].ErrorDetail.objecterrors.errorrecord.ErrorDescription)}} -AutoSize -wrap

Example Results:

DisplayName UserPrincipalName       Error
----------- -----------------       -----
John Smith  [email protected]  Failed to enable the new cloud archive fb1560c3-59be-4097-8423-4bec894e2c14 of mailbox
                                    051914f9-d8f0-4e39-af26-a49b20eb3220 because a different archive
                                    99d0e86a-f9a7-4a04-add5-111385c162e2 exists. To enable the new archive, first disable the
                                    archive on-premises. After the next Dirsync sync cycle, enable the archive on-premises again.

John Smith  [email protected]  {Exchange can't disable the mailbox "GBRP123A001.PROD.OUTLOOK.COM/Microsoft Exchange Hosted
                                    Organizations/contoso.onmicrosoft.com/John.Smith" because it is on litigation hold.,
                                    Exchange can't disable the mailbox "GBRP123A001.PROD.OUTLOOK.COM/Microsoft Exchange Hosted
                                    Organizations/contoso.onmicrosoft.com/John.Smith" because it is on litigation hold.}

The first error {Failed to enable the new cloud archive x of mailbox x because a different archive x exists. To enable the new archive, first disable the archive on-premises. After the next Dirsync sync cycle, enable the archive on-premises again.} occurs because a new Outlook archive was created for the user in Exchange Online, so its GUID does not match the value specified in on-premise AD. The Exchange archive GUID can be changed on-premise to match the expected value in Exchange Online using the following PowerShell script:

# archive-reset-guid.ps1 - Set msExchArchiveGUID in AD
# example usage: archive-reset-guid.ps1 joe.bloggs c14515ec-54aa-4a17-8435-bafg19e75159
#Requires -Modules ActiveDirectory

Param(
    [Parameter(Position=0, Mandatory=$false, ValueFromPipeline=$true)]
    [string] $Username,
    [Parameter(Position=1, Mandatory=$false, ValueFromPipeline=$true)]
    [system.guid] $ArchiveGUID
)

# A [guid] parameter never compares equal to '', so test for a missing or all-zero GUID instead
if ($ArchiveGUID -and $ArchiveGUID -ne [guid]::Empty) {
    if ($Username -ne '') {
        Write-Host "Set msExchArchiveGUID to $ArchiveGUID for $Username" -ForegroundColor Green
        # Overwrite the on-premise attribute; ADConnect picks the change up on the next sync cycle
        Set-ADUser -Identity $Username -Replace @{msExchArchiveGUID=$ArchiveGUID}
    }
    else {
        Write-Host "Missing AD Username" -ForegroundColor Red
    }
}
else {
    Write-Host "Missing ArchiveGUID" -ForegroundColor Red
}
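
A read-only pre-check for the archive GUID fix, added here as an example and not part of the original post: it pulls the three GUIDs out of the first error's description and compares the on-premise msExchArchiveGUID with the archive that already exists. The function names are hypothetical, and treating the "different archive" GUID as the value Exchange Online expects is this example's reading of the error text.

```powershell
# Added example: function and property names below are hypothetical, not from the original post.
function Get-ArchiveGuidFromSyncError {
    param([Parameter(Mandatory=$true)][string] $ErrorDescription)

    # Undo the line wrapping introduced by Format-Table -Wrap.
    $text = ($ErrorDescription -replace '\s+', ' ').Trim()
    $g = '[0-9a-f]{8}(?:-[0-9a-f]{4}){3}-[0-9a-f]{12}'
    $pattern = "new cloud archive ($g) of mailbox ($g) because a different archive ($g) exists"
    if ($text -match $pattern) {
        [pscustomobject]@{
            RequestedArchive = [guid]$Matches[1]   # archive the sync tried to enable
            Mailbox          = [guid]$Matches[2]
            ExistingArchive  = [guid]$Matches[3]   # assumption: the archive already in Exchange Online
        }
    }
    else { $null }   # some other sync error
}

function Test-OnPremArchiveGuid {
    param(
        [Parameter(Mandatory=$true)][string] $Username,
        [Parameter(Mandatory=$true)][string] $ErrorDescription
    )
    $parsed = Get-ArchiveGuidFromSyncError -ErrorDescription $ErrorDescription
    if (-not $parsed) { throw "Not an archive GUID mismatch error for $Username" }

    # msExchArchiveGUID is stored as a 16-byte value; convert it to a GUID for comparison.
    $user   = Get-ADUser -Identity $Username -Properties msExchArchiveGUID
    $bytes  = [byte[]]$user.msExchArchiveGUID
    $onPrem = if ($bytes -and $bytes.Length -eq 16) { New-Object System.Guid (,$bytes) } else { $null }

    [pscustomobject]@{
        Username        = $Username
        OnPremBefore    = $onPrem                  # record this so the change can be reverted
        ExistingArchive = $parsed.ExistingArchive
        AlreadyMatches  = ($onPrem -eq $parsed.ExistingArchive)
    }
}

# Constructed sample: the first error from the example results above.
$sample = @'
Failed to enable the new cloud archive fb1560c3-59be-4097-8423-4bec894e2c14 of mailbox
051914f9-d8f0-4e39-af26-a49b20eb3220 because a different archive
99d0e86a-f9a7-4a04-add5-111385c162e2 exists.
'@
Get-ArchiveGuidFromSyncError -ErrorDescription $sample | Format-List
```

Test-OnPremArchiveGuid only reads from AD, so it can be run before archive-reset-guid.ps1 to log the previous value and confirm which user object will be changed.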

The second sync error {Exchange can't disable the mailbox "x" because it is on litigation hold., Exchange can't disable the mailbox "x" because it is on litigation hold.} occurs because the on-premise AD account was removed and the removal was not synchronised to Azure AD. The account can be manually removed from Azure AD using the following PowerShell command:

Remove-MsolUser -UserPrincipalName [email protected]

Confirm the deletion when prompted.

