After I created some accounts in my on-premises Active Directory, I suddenly found this DirSync error in my Azure portal:
We detected a duplicate UserPrincipalName conflict on the value x. All attribute values need to be unique across objects. To resolve this conflict, first determine which object should be using the conflicting value. Then, update or remove the conflicting value from the other object(s).
My Azure ADConnect / DirSync tool was syncing fine. And actually, the account names were very trivial and random. So actually I couldn't believe I created a duplicate UPN.
The first step to tackle this issue was PowerShelling into MSOL and searching for accounts with a similar name string.
Get-MsolUser -SearchString donald.tru*
This returned only one result. So that should be fine. Now, let's search for similar UPNs in my on-premises Active Directory:
- Open Active Directory Users and Computers
- Open the Search window
- Go to Find: Custom Search, and then the Advanced tab
- Type the following LDAP query:
userprincipalname=*name of upn*
- Click Find Now to get all search results
At this point I didn’t have a clue what went wrong with the DirSync.
Fix for "We detected a duplicate UserPrincipalName conflict on the value"
I ended up:
- renaming the UPN on-prem (just added an X at the end). I used the Attribute Editor for this action. But ADSI Edit is fine too.
- forcing a DirSync (I used the Start-ADSyncSyncCycle cmdlet, but you can also use the Synchronization Service Manager tool)
- changing the UPN back to its original value
Guess what?! Problem solved. :-D
Thanks to HappyMillfam for the first troubleshooting steps.
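The on-premises UPN search and the rename, sync, rename-back workaround described above, scripted in PowerShell as an added example (not code from the original post). It assumes it runs on the Azure AD Connect server with the ActiveDirectory and ADSync modules installed; `user@example.com`, the two helper function names, appending the X before the `@`, and the second sync cycle after restoring the UPN are assumptions.

```powershell
Import-Module ActiveDirectory, ADSync

$Upn = 'user@example.com'   # placeholder: the value named in the portal error

function ConvertTo-LdapFilterValue([string]$Value) {
    # Escape LDAP filter metacharacters so the value is matched literally
    $Value -replace '\\', '\5c' -replace '\*', '\2a' -replace '\(', '\28' -replace '\)', '\29'
}

function Invoke-DeltaSyncAndWait {
    # Start a delta cycle and block until the scheduler reports it has finished
    Start-ADSyncSyncCycle -PolicyType Delta | Out-Null
    do { Start-Sleep -Seconds 10 } while ((Get-ADSyncScheduler).SyncCycleInProgress)
}

$prefix, $suffix = $Upn.Split('@', 2)

# Same substring search as the ADUC custom LDAP query, across all object classes
$similar = Get-ADObject -LDAPFilter "(userPrincipalName=*$(ConvertTo-LdapFilterValue $prefix)*)" `
    -Properties userPrincipalName
$similar | Sort-Object userPrincipalName |
    Format-Table Name, ObjectClass, userPrincipalName, DistinguishedName -AutoSize

# A real on-premises duplicate shows up as more than one object per UPN
$duplicates = $similar | Group-Object userPrincipalName | Where-Object Count -gt 1
if ($duplicates) {
    $duplicates | ForEach-Object { Write-Warning "Duplicate on-prem UPN: $($_.Name)" }
    return   # fix the real duplicate instead of applying the workaround
}

# Exactly one account must own the UPN before it is touched
$user = @(Get-ADUser -LDAPFilter "(userPrincipalName=$(ConvertTo-LdapFilterValue $Upn))")
if ($user.Count -ne 1) { throw "Expected 1 account with UPN $Upn, found $($user.Count)" }
$dn = $user[0].DistinguishedName

# Workaround from the post: temporary UPN, sync, original UPN
$tempUpn = '{0}X@{1}' -f $prefix, $suffix
Set-ADUser -Identity $dn -UserPrincipalName $tempUpn
try {
    Invoke-DeltaSyncAndWait
}
finally {
    # Restore the original UPN even if the sync cycle fails
    Set-ADUser -Identity $dn -UserPrincipalName $Upn
}
Invoke-DeltaSyncAndWait   # assumption: a second cycle pushes the restored value
```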