none
Is it possible to create two users with the same Full Name and Email attribute in two different forest ?

    Question

  • Is it possible to create two users with the same Full Name and Email attribute in two different forest ?

    user@domain.com is a part of F1 forest and user@domain.com is also part of F2 forest. however, both objects are users. reason behind we have to sync both the same accounts to cloud with the help of Azure active directory which is not allowing me to sync due to same mail attribute.

    is there any way to achieve this?

    Tuesday, January 17, 2017 2:28 PM

Answers

All replies

  • By full name I assume you mean the Relative Distinguished Name (the value of the cn attribute). In any case, you can create users with identical RDN (and even sAMAccountName) and mail attribute (the email address) in different forests. But AAD identifies users by UPN, which must be unique in any tenancy. Are you sure the conflict isn't with the userPrincipalName attribute?

    Edit: Does this Wiki article help?

    https://social.technet.microsoft.com/wiki/contents/articles/24096.dirsync-using-alternate-login-ids-with-azure-active-directory.aspx


    Richard Mueller - MVP Enterprise Mobility (Identity and Access)


    Tuesday, January 17, 2017 4:30 PM
  • Hi Richard,

    thanks for the info.

    pertaining to conflict isnt with UPN since, UPN is different but i got attribute value must be unique error due to the same email attribute.

    in order to achieve this, i have tried to create two accounts as a contact object in X1 forest and two accounts as a user object in X2. and matching process i have selected as a mail attribute in azure active directory sync.

    https://docs.microsoft.com/en-us/azure/active-directory/connect/active-directory-aadconnect-get-started-custom

    My hard luck :( its not matching and giving errors.

    Wednesday, January 18, 2017 7:08 AM
  • Hi,

    Have you tried to check the following articles s and see if it works for you?

    https://support.microsoft.com/en-sg/help/2647098/duplicate-or-invalid-attributes-prevent-directory-synchronization-in-office-365

    https://support.microsoft.com/en-us/help/2643629/one-or-more-objects-don-t-sync-when-the-azure-active-directory-sync-tool-is-used

    https://support.microsoft.com/en-us/help/2641663/how-to-use-smtp-matching-to-match-on-premises-user-accounts-to-office-365-user-accounts-for-directory-synchronization

    In addition, I would suggest you post the question in Azure Active Directory forum.

    https://social.msdn.microsoft.com/Forums/azure/en-US/home?forum=WindowsAzureAD

    The reason why we recommend posting appropriately is you will get the most qualified pool of respondents, and other partners who read the forums regularly can either share their knowledge or learn from your interaction with us. Thank you for your understanding.

    Best regards,

    Wendy


    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com

    Friday, January 20, 2017 7:39 AM
    Moderator