Azure AD Connect - sync-generic-failure - A different entry with target identifier already exists

  • Question

  • Environment: Exchange Account-Resource Forest scenario with Hybrid coexistence to Office 365.

    The affected Metaverse object in Azure AD Connect has 3 connectors:
    Connector A: Account Forest
    Connector B: Resource Forest
    Connector C:

    When Connector A runs the run-profile "Delta Synchronization", the following error occurs:

    A different entry with target identifier already exists

       at Microsoft.MetadirectoryServices.SyncRulesEngine.Server.ObjectLinkGraph.AddLink(IObjectLinkModification link, IEntryModification sourceEntry, IEntryModification targetEntry)
       at SyncManagedUtil.PopulateGraphLinks(IObjectLinkGraph graph, CMvObject* mvObject, IEntryModification csEntry, IEntryModification mvEntry)
       at ObjectNamespace.LoadLinkedTargetObjects(IObjectLinkGraph graph, IEntryModification targetMvObject)
       at Microsoft.MetadirectoryServices.SyncRulesEngine.JoinModule.LinkSourceToTarget(IEntryModification sourceObject, IEntryModification targetObject, SynchronizationRule syncRule, SyncRulePipelineArguments pipelineArguments, Boolean joiningToExistingTarget)
       at Microsoft.MetadirectoryServices.SyncRulesEngine.JoinModule.ExecuteJoinProcessingForSyncRule(IEntryModification sourceObject, SynchronizationRule syncRule, SyncRulePipelineArguments pipelineArguments, AttributeFlowModule attributeFlowModule, Guid excludedMVObjectIdWhenSearchingGraphForJoin)
       at Microsoft.MetadirectoryServices.SyncRulesEngine.JoinModule.Execute(PipelineArguments argsToProcess)
       at Microsoft.MetadirectoryServices.SyncRulesEngine.Server.SyncEngine.RunSyncPipeline(SyncRulePipelineArguments pipelineData, List`1 pipelineChain)
       at Microsoft.MetadirectoryServices.SyncRulesEngine.Server.SyncEngine.Synchronize(SynchronizationOperation operation, IObjectLinkGraph inputGraph, Boolean preview)
       at ManagedSyncRulesEngine.Synchronize(ManagedSyncRulesEngine* , CCsObject* sourceCsObject, CMvObject* mvObject, SynchronizationOperation operation, Char** error)


     Native call stack:

    I have already done the following steps:

    a) Moved the affected user account in the Resource forest into another OU, which is not selected for synchronization in Azure AD Connect

    b) Executed the following cmdlets in Azure AD PowerShell to hard-delete the user account in Azure AD:

    Get-MsolUser -UserPrincipalName | Remove-MsolUser
    Get-MsolUser -ObjectId 7910e569-161b-41b3-be1c-994de12471a0 -ReturnDeletedUsers | Remove-MsolUser -RemoveFromRecycleBin

    c) Executed the cmdlet twice on the Azure AD Connect server to run a delta sync

    Start-ADSyncSyncCycle -PolicyType Delta

    d) At this point, the user account has been synchronized by Azure AD Connect to Azure AD (because the user account from Account Forest was still there)

    e) In the Resource forest, moved the user account back from the OU which was out of scope into the original OU which is selected in Azure AD Connect

    f) Executed the cmdlet once on the Azure AD Connect server to run a delta sync

    Start-ADSyncSyncCycle -PolicyType Delta

    And the error happened again when the Connector of the Account Forest executed the run-profile "Delta Synchronization".

    Unfortunately, we cannot move the user account in the Account Forest to another OU which is out of scope for Azure AD Connect.

    Can anyone help further?

    Thank you very much in advance!

    Monday, August 19, 2019 12:14 PM

All replies

  • Sorry, I'm confused: what are you trying to achieve here? Kindly clarify the goal.

    I've had the same error when we tried to connect a cloud account to an AD object.

    I stamped the immutable ID on the MsolUser object, which was active, and moved it to deleted users through PowerShell (Remove-MsolUser), then ran the sync. It restored the object to active users as synced from Active Directory, connecting it with my AD object.


    Tuesday, August 20, 2019 11:43 PM
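
The hard-match procedure described in the reply above, written out as an added example (it is not code from the thread). It assumes the sourceAnchor is the default base64-encoded objectGUID, which may not hold in an account-resource forest deployment that anchors on another attribute; the function names, parameters and the sample GUID are hypothetical.

```powershell
# Added example. Assumption: ImmutableId = base64(objectGUID bytes).
function ConvertTo-ImmutableId {
    param([Parameter(Mandatory)][Guid]$ObjectGuid)
    # ToByteArray() returns the same byte order AD stores in objectGUID.
    [Convert]::ToBase64String($ObjectGuid.ToByteArray())
}

function ConvertFrom-ImmutableId {
    param([Parameter(Mandatory)][string]$ImmutableId)
    # Reverse direction: useful to find which AD object a cloud user points at.
    [Guid]::new([byte[]][Convert]::FromBase64String($ImmutableId))
}

function Set-HardMatchAnchor {   # hypothetical helper name
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [Parameter(Mandatory)][string]$SamAccountName,
        [Parameter(Mandatory)][string]$UserPrincipalName,
        [string]$Server          # DC in the forest that owns the anchor (assumption)
    )
    $adArgs = @{ Identity = $SamAccountName }
    if ($Server) { $adArgs.Server = $Server }
    $anchor = ConvertTo-ImmutableId (Get-ADUser @adArgs).ObjectGUID

    $cloud = Get-MsolUser -UserPrincipalName $UserPrincipalName
    # Stop if a different cloud user already carries this anchor.
    $holder = Get-MsolUser -All | Where-Object {
        $_.ImmutableId -eq $anchor -and $_.ObjectId -ne $cloud.ObjectId
    }
    if ($holder) {
        throw "ImmutableId $anchor is already set on $($holder.UserPrincipalName)"
    }

    if ($PSCmdlet.ShouldProcess($UserPrincipalName, "Set ImmutableId $anchor and soft-delete")) {
        Set-MsolUser -UserPrincipalName $UserPrincipalName -ImmutableId $anchor
        # Soft delete only: the user stays in the recycle bin for the sync to restore.
        Remove-MsolUser -UserPrincipalName $UserPrincipalName -Force
        # Must run on the Azure AD Connect server.
        Start-ADSyncSyncCycle -PolicyType Delta
    }
}

# Offline round trip with a constructed GUID (sample value, not from the thread).
$sample = [Guid]'3f2504e0-4f89-11d3-9a0c-0305e82c3301'
$id = ConvertTo-ImmutableId $sample
'{0} -> {1} -> {2}' -f $sample, $id, (ConvertFrom-ImmutableId $id)
```

Run `Set-HardMatchAnchor` with `-WhatIf` first to see the computed anchor and the duplicate check result without changing the cloud object.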