
Troubleshoot directory synchronization

Published: June 8, 2012

Updated: February 20, 2014

Applies To: Office 365, Windows Azure, Windows Intune

This troubleshooting article is for administrators who encounter synchronization errors while using the Active Directory synchronization feature for a Microsoft cloud service. The Windows Azure Active Directory Sync tool lets your company’s administrators keep your local Active Directory continuously synchronized with Windows Azure Active Directory (Windows Azure AD).

If you are having synchronization errors, the Directory Sync tool will notify the technical contact (the administrator who set up your company’s Microsoft cloud service subscription) in an email message. For this reason, to ensure that you receive directory synchronization messages, make sure that you provide a valid email address for your company’s technical contact.

Tip
Using Office 365? Need more troubleshooting information? Check out the Troubleshooting sections of the following Office 365 wiki articles:

If directory synchronization has not been activated, you can activate it from your portal.

To activate directory synchronization, see Prepare for directory synchronization.

When synchronization takes place, each attribute of each user account in your local Active Directory is checked against acceptance criteria. Only attributes that are well-formed are synchronized to Windows Azure AD. The criteria for being well-formed vary by attribute. For instance, email addresses cannot be longer than 256 characters and can’t contain certain non-alphanumeric characters.

Errors caused by non-compliant data in the on-premises Active Directory are discovered in the following ways:

  • Users who attempt to log on to Microsoft Office Outlook Web Access receive the following error and exception message:

    Exception type: Microsoft.Exchange.Data.DataValidationException

    Exception message: “<Alias_Name> is not valid for Alias.”

  • The administrator receives an automated email about LDAP injection or failures to synchronize.

To fix these errors, install and run the Microsoft Deployment Readiness Tool or watch the video (4:14).

If changes made to your on-premises Active Directory, such as new users or updates to existing users, are not appearing in Windows Azure AD, it is possible that the Directory Sync process has encountered errors. Error reports are sent to the technical contact for the company. Verify that the technical contact address specified for your company is a valid email address for an administrator. To do this, open the portal for the cloud service in your browser, navigate to the Admin Overview page and click your company’s name at the top of the left side navigation pane. Your company’s technical contact will be listed in the pop-up dialog box.

If you are unable to update an object in Windows Azure AD, it may be because one of the attributes associated with this object in the local Active Directory directory service has already been associated with another object in Windows Azure AD. You can resolve this issue by correcting the attribute association or removing the duplicate address.

For more information about attributes in Active Directory, see this list of All Attributes defined by Active Directory.

If you are unable to update an object in Windows Azure AD, it may be because one of the attributes associated with the object in the local Active Directory exceeds the maximum allowed length. You can resolve this issue by reducing the length of the attribute in your local Active Directory.

For more information about attributes in Active Directory, including maximum allowed lengths, see this list of All Attributes defined by Active Directory.

If you are unable to update an object in Windows Azure AD, it may be because the object shares the same proxy address with an object of a different class that has already been synchronized to Windows Azure AD. You can resolve this issue by double-checking the proxy address values of the object and correcting or removing duplicate values in your local Active Directory or in Windows Azure AD.

For more information about attributes in Active Directory, see this list of All Attributes defined by Active Directory.

If you are unable to update an object in Windows Azure AD, it may be because the object has an associated attribute with an invalid value. You can resolve this issue by correcting the attribute value.

For more information about attributes in Active Directory, see this list of All Attributes defined by Active Directory.

If you are unable to update an object in Windows Azure AD, it may be because the object has an invalid multi-valued description attribute. This is the case if you receive the flow-multi-values-to-single-value error message in the ILM export report. You can resolve this issue by changing the multi-value description attribute to a single-value description attribute.

For more information about attributes in Active Directory, see this list of All Attributes defined by Active Directory.

If you are unable to update an object in Windows Azure AD, it may be because the object has an invalid SMTP proxy address associated with it. This usually occurs when there are trailing spaces or invalid characters in the SMTP proxy address. You can resolve this issue by correcting the invalid SMTP proxy address in your on-premises Active Directory.
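The attribute problems described above (over-long email address, multi-valued description, proxy address with stray whitespace, proxy address shared with another object or object class) can be looked for before the next sync run. The following is an added example, not Microsoft's code or the Deployment Readiness Tool: the function names `New-Finding` and `Test-SyncReadiness`, the issue labels, the address shape test and the sample objects are all assumptions made for illustration.

```powershell
# Added example. Real input could come from the ActiveDirectory module, for instance:
#   Get-ADObject -LDAPFilter '(proxyAddresses=*)' -Properties mail,description,proxyAddresses
function New-Finding($Object, $Issue, $Value) {
    [pscustomobject]@{ DN = $Object.DistinguishedName; Issue = $Issue; Value = $Value }
}

function Test-SyncReadiness {
    param([Parameter(Mandatory)][object[]]$Objects,
          [int]$MaxMailLength = 256)   # email length limit stated on this page
    $owners = @{}   # normalized proxy address -> first object seen holding it
    foreach ($o in $Objects) {
        if ($o.mail -and $o.mail.Length -gt $MaxMailLength) {
            New-Finding $o 'MailTooLong' $o.mail.Length
        }
        if (@($o.description).Count -gt 1) {
            New-Finding $o 'MultiValuedDescription' (@($o.description) -join ' | ')
        }
        foreach ($p in $o.proxyAddresses) {
            if ($p -ne $p.Trim()) { New-Finding $o 'ProxyWhitespace' "[$p]" }
            # Assumption: addresses are compared trimmed and case-insensitively.
            $key = $p.Trim().ToLowerInvariant()
            # Assumption: minimal shape test; the service's exact character rules are not listed here.
            if ($key.StartsWith('smtp:') -and $key.Substring(5) -notmatch '^[^\s@]+@[^\s@]+$') {
                New-Finding $o 'SmtpProxyMalformed' $p
            }
            $first = $owners[$key]
            if (-not $first) {
                $owners[$key] = $o
            } elseif ($first.DistinguishedName -ne $o.DistinguishedName) {
                $issue = 'DuplicateProxy'
                if ($first.ObjectClass -ne $o.ObjectClass) { $issue = 'DuplicateProxyOtherClass' }
                New-Finding $o $issue "$p (also on $($first.DistinguishedName))"
            }
        }
    }
}

# Constructed sample objects, not taken from a real directory.
$sample = @(
    [pscustomobject]@{ DistinguishedName = 'CN=Ann,OU=Staff,DC=example,DC=test'; ObjectClass = 'user'
        mail = 'ann@example.test'; description = 'Finance'
        proxyAddresses = @('SMTP:ann@example.test') }
    [pscustomobject]@{ DistinguishedName = 'CN=Bob,OU=Staff,DC=example,DC=test'; ObjectClass = 'user'
        mail = 'bob@example.test'; description = @('Sales', 'Temp')
        proxyAddresses = @('SMTP:bob@example.test ', 'smtp:bob example.test') }
    [pscustomobject]@{ DistinguishedName = 'CN=Ann Ext,OU=Contacts,DC=example,DC=test'; ObjectClass = 'contact'
        mail = $null; description = $null; proxyAddresses = @('smtp:ANN@example.test') }
)
Test-SyncReadiness -Objects $sample | Format-Table -AutoSize
```

The function only reads the objects it is given; corrections are still made in the on-premises Active Directory as described above.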

© 2014 Microsoft