I keep getting this error on my AD Connector when I try synchronizing a particular user. I examine the user to see what is unique about this user. Well the user is a manager of himself/herself, because they own the company or the person is at the top of the company hierarchy. If I remove the person from the manager field synchronization works well.
There are two forests, connected via FIM GALSync, User1 is appears in forest1 as a regular AD account and in forest2 as a contact. The contact has been imported by AD Connect and exported to Azure AD. Now I want to import the User account and this is where it fails.
I do not want to remove the user from the Manager field in AD because one, that could affect applications that are dependent on that information and two, I have to add it back after getting through the synchronization error and then we are back to where we were. So I need a persistent solution.
Create a new Sync Rule to filter out the Contact from the synchronization.
- Start the Sync Rule Editor, its in Program Files\Microsoft Azure AD Sync\UIShell
- Enter a name for the rule “Filter out User1 contact”
- Connect system select the AD with the contact
- Connected System Object: Contact
- MV Object: Person
- Link Type:Join
- Precedence, I gave a low number 51 so it was close to top of the Rules list
- Click next to scoping.
- In Scoping filter, click Add Group, click Add Clause and in attribute select Mail. Make sure the Operator is set to EQUAL and type the value email@example.com in the Value box. Click Next.
- Leave Joins rules empty and click next
At Transformation, click “Add Transformation”. FlowType: Contant, Target Attribute: CloudFiltered, Source: type in True. Click Add at the bottom.
Go to the Sync Manager
- Go to the MA of the forest with the contact. Click search connector space. Look for user1. Click preview, then click commit preview. This will remove the Windows Azure Active Directory (WAAD) entry in the WAAD connector space.
- Go to the WAAD MA and run an Export to delete the contact in Azure AD. Run delta import after to confirm the export.
- Go to the MA of the forest with the user. Click search connector space. Look for user1. Click preview then click commit preview. This will join the user and contact objects of User1.
Go the Sync Rule Editor
- Disable the new rule “Filter out User1 contact ” you just created.
Go to the Sync Manager
- Go to the MA of the forest with the contact. Click search connector space. Look for user1. Click preview, then click commit preview. This will add the WAAD entry in the WAAD connector space.
- Go to the WAAD MA and run an Export to Add the User in Azure AD. Run delta import after to confirm the export.