Question

rasmusw on Fri, 13 Mar 2015 13:11:08


I have one user failing to sync between AAD and AD. The error is "sync-generic-failure". The stack trace error is a bit more detailed: "The dimage has an anchor that is different than the image".

The user in question existed in AAD as a manually created user before AD Sync was set up.

The user account was then deleted from AAD, and I think that started this behavior.

Can I remove the link between the AD user and the AAD user completely, so the AAD user can be deleted, and the AD user can be synchronized to AAD?


Sponsored



Replies

Nagaraj Venkatesh on Fri, 13 Mar 2015 17:20:39


Hello,

Use the following commands to delete the user from azure AD. Then sync the user from on-premise:

Commands:

Connect-MSOLService  (enter your tenant's global admin creds)

Remove-MSOLUser -UserPrincipalName <user's UPN>

Remove-MSOLUser -UserPrincipalName <user's UPN> -RemoveFromRecycleBin

Once this is done, the user should be completely deleted from azure AD. Now you can re-sync your on-premise user.

Note: These commands needs to be run in azure AD module for powershell "https://msdn.microsoft.com/en-us/library/azure/jj151815.aspx"

Regards,
Nagaraj


rasmusw on Fri, 13 Mar 2015 19:33:30


That sounded plausible, and I tried it, but it didn't work.

The user is no longer returned by "get-msoluser -ReturnDeletedUsers", but I'm still getting the same error when doing a sync.

When importing from AAD it still detects that the user was there previously.

Nithin.Rathnakar on Mon, 16 Mar 2015 07:04:33


Hello,

  Have you tried uninstalling and Reinstalling AADSync. The latest build should have a fix for this issue.
  Or i would suggest you contact support at http://azure.microsoft.com/en-in/support/options/   and have a Support Enginner look at this issue and walk you through a Phantom Object Procedure.
 
Regards,
Nithin Rathnakar.

rasmusw on Mon, 16 Mar 2015 14:41:58


In the end I opened a support case. The engineer deleted the two connectors in "Synchronization Service Manager" and we configured it from the beginning.

Afterwards the problematic user account could be synchronized properly.

UNIFYBob on Wed, 14 Sep 2016 09:04:37


I ran into this problem in the last couple of weeks using AADConnect in Staging Mode.  I thought I would put a cross-reference to my particular resolution on this post here.

Hope this helps the next person!