Hi! This question was originally posted by me on Server Fault, but it seems I shouldn't wait for a response there :(
I have a weird ADSync error stating that my local Active Directory contains two objects with the same ProxyAddress property. One of the accounts is username@domain.tld (which is correct) and the second is username@domain.onmicrosoft.com (which is nonexistent in AD, in my opinion) - and, according to the DirSync errors report, both of them contain the same conflicting ProxyAddress username@domain.tld. Azure AD shows that both accounts are sourced from local Active Directory. The point is that someone could have created the *onmicrosoft.com account years ago to test Office 365.
I have checked two things so far:
- Small PowerShell script to test for the same proxyAddress in local AD:
Get-ADUser -Filter * -Properties proxyAddresses | foreach { foreach ($address in $_.proxyAddresses) { if ($address -eq 'smtp:username@domain.tld') { Write-Host $address } } }
- Checking for immutableIDs of conflicting accounts:
$user = Get-ADUser legit_account
$immutableid = [System.Convert]::ToBase64String($user.ObjectGUID.ToByteArray())
$immutableid # shows the same as legit account in DirSync report
$badImmutableID = 'base64 copied from bad account DirSync error report=='
$users = Get-ADUser -Filter *
foreach ($usr in $users) {
    $currImmutableID = [System.Convert]::ToBase64String($usr.ObjectGUID.ToByteArray())
    if ($currImmutableID -eq $badImmutableID) {
        $usr
    }
}
This script provides no output with the bad immutableID (but works with others).
I am actually stuck at this point - Azure AD won't let me delete the bad account to resolve the conflict, saying I have to solve it in local AD while there is no such account. Any ideas would be highly appreciated.
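
The two checks above cover only live user objects. As an added example (not part of the original post), the same lookups can be widened to every object class, to deleted objects, and to `mS-DS-ConsistencyGuid`, which Azure AD Connect can use as the source anchor instead of `objectGUID`. The function names are hypothetical, the ImmutableID value is a placeholder to be replaced with the one from the error report, and the address is assumed to contain no LDAP filter metacharacters.

```powershell
# Added example; needs the ActiveDirectory module (RSAT) and read access to the domain.
Import-Module ActiveDirectory

function ConvertTo-LdapBinaryFilter {
    # Turn a Base64 ImmutableID into the \XX-escaped byte string LDAP filters expect.
    param([Parameter(Mandatory)][string]$ImmutableId)
    $bytes = [System.Convert]::FromBase64String($ImmutableId)
    ($bytes | ForEach-Object { '\{0:X2}' -f $_ }) -join ''
}

function Find-AnchorObject {
    # Match the anchor against objectGUID and mS-DS-ConsistencyGuid on any
    # object class (user, contact, group, ...), including deleted objects.
    param([Parameter(Mandatory)][string]$ImmutableId)
    $esc = ConvertTo-LdapBinaryFilter -ImmutableId $ImmutableId
    Get-ADObject -LDAPFilter "(|(objectGUID=$esc)(mS-DS-ConsistencyGuid=$esc))" `
        -IncludeDeletedObjects -Properties proxyAddresses, mail, isDeleted |
        Select-Object DistinguishedName, ObjectClass, isDeleted, mail, proxyAddresses
}

function Find-ProxyAddressOwner {
    # proxyAddresses and mail are case-insensitive strings in AD, so this matches
    # both the primary (SMTP:) and secondary (smtp:) forms of the address.
    param([Parameter(Mandatory)][string]$Address)
    Get-ADObject -LDAPFilter "(|(proxyAddresses=smtp:$Address)(mail=$Address))" `
        -Properties proxyAddresses, mail |
        Select-Object DistinguishedName, ObjectClass, mail, proxyAddresses
}

# Placeholder: paste the ImmutableID of the conflicting object from the DirSync error report.
$badImmutableID = '<ImmutableID-from-error-report>'

if ($badImmutableID -notlike '<*') {
    Find-AnchorObject -ImmutableId $badImmutableID
}
Find-ProxyAddressOwner -Address 'username@domain.tld'
```

In a multi-domain forest, run the same functions against each domain by adding `-Server` to the `Get-ADObject` calls.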