Microsoft last week announced a new Azure Active Directory Connect Health feature for IT pros that resolves duplicate attribute sync errors with an organization’s local Active Directory.
The trouble can happen when different end user identities in AD share the same proxy address, which won’t sit well when synced up with Azure AD. These accounts will get flagged in the Azure AD Connect Health dashboard. Microsoft has now added a way to resolve these attribute syncing errors between an organization’s local AD and Azure AD. The portal does so by noting the conflicting proxy addresses, which get quarantined. IT pros then answer some questions about the duplicated attributes to produce a resolution in PowerShell form. The Azure AD Connect Health portal will create the PowerShell script to resolve the conflicts based on the answers.
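The conflict described above can be looked for in the local directory before it surfaces as a sync error. The following read-only check is an added example, not the script that the Azure AD Connect Health portal generates and not Microsoft's code. The function name `Find-DuplicateProxyAddress`, the sample accounts and the `contoso.example` domain are constructed for illustration, and the case-insensitive comparison is an assumption.

```powershell
# Added example: list proxyAddresses values that appear on more than one object.
# Read-only; it changes nothing in the directory.
function Find-DuplicateProxyAddress {
    param(
        [Parameter(Mandatory)]
        [object[]]$Account   # objects exposing DistinguishedName and proxyAddresses
    )

    $Account |
        ForEach-Object {
            $dn = $_.DistinguishedName
            foreach ($addr in $_.proxyAddresses) {
                # Assumption: values are compared case-insensitively, so the
                # "SMTP:" (primary) and "smtp:" (secondary) forms of one
                # address count as the same value.
                [pscustomobject]@{ Address = $addr.ToLowerInvariant(); DN = $dn }
            }
        } |
        Group-Object -Property Address |
        # Keep only values held by at least two distinct objects.
        Where-Object { @($_.Group.DN | Sort-Object -Unique).Count -gt 1 } |
        ForEach-Object {
            [pscustomobject]@{
                ProxyAddress = $_.Name
                Accounts     = @($_.Group.DN | Sort-Object -Unique)
            }
        }
}

# Constructed sample data so the function can be tried offline.
$sample = @(
    [pscustomobject]@{
        DistinguishedName = 'CN=Alice Example,OU=Staff,DC=contoso,DC=example'
        proxyAddresses    = @('SMTP:alice@contoso.example', 'smtp:sales@contoso.example')
    }
    [pscustomobject]@{
        DistinguishedName = 'CN=Bob Example,OU=Staff,DC=contoso,DC=example'
        proxyAddresses    = @('SMTP:bob@contoso.example', 'smtp:Sales@contoso.example')
    }
)
Find-DuplicateProxyAddress -Account $sample | Format-List

# Against a live directory (requires the ActiveDirectory module):
# $all = Get-ADObject -LDAPFilter '(proxyAddresses=*)' -Properties proxyAddresses
# Find-DuplicateProxyAddress -Account $all | Format-List
```

With the sample data, the only value reported is `smtp:sales@contoso.example`, held by both accounts.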
The new attribute sync error feature in Azure AD Connect Health has already been successfully tested at the preview stage, according to Microsoft’s announcement.
“During the public preview of this feature, hundreds of customers tried it out and many of them cleaned ALL their duplicate attribute sync errors in just a couple of hours,” the announcement claimed.
The new tool can only be used by IT pros having a Global Admin or Contributor role. The PowerShell script generated by this feature will perform a soft delete of the AD account that has a conflicting attribute, but a hard delete will be required to make the fix work, according to Microsoft’s documentation.
Azure AD Connect Health is a dashboard within the Azure AD Admin Portal that was launched about three years ago. The dashboard is only available to Azure AD Premium subscribers, with details described at this page. The description includes an oblique footnote about the need to license the dashboard’s various “monitoring agents.”