
How to resolve Dir Sync error “duplicate UserPrincipalName conflict”

I was recently prompted about a Directory Sync error within the Microsoft 365 Admin Center. The user account had the message “We detected a duplicate UserPrincipalName conflict on the value user@domain.com. All attribute values need to be unique across objects. To resolve this conflict, first determine which object should be using the conflicting value. Then, update or remove the conflicting value from the other object(s).” A little research revealed the account had been created, deleted, and then recreated in a short period of time. I suspect a directory synchronization ran at some point between the creation and the deletion, so Azure AD already held an object with that UserPrincipalName; the recreated on-premises account has a new objectGUID, and therefore a new source anchor, so Azure AD treats it as a second object claiming the same value rather than as the same user.

The solution wasn’t straightforward. Some resources indicated recreating the user would resolve the issue, but this wasn’t an option. I ended up modifying the UserPrincipalName, performing an Azure Active Directory sync, changing the UserPrincipalName back to its original value, and then performing another sync, which cleared the conflict.

Solution

  1. Launch the Active Directory Users and Computers snap-in.
  2. Select your domain and then click View → Advanced Features.
  3. Locate the User Object and open the Properties Dialog.
  4. Select the Attribute Editor tab and locate the UserPrincipalName attribute. Modify it to a temporary value, for example by adding an “X” to the end of the username portion (userX@domain.com). Click OK and then Apply. Until the value is changed back the user signs in to Microsoft 365 with the temporary UPN, so schedule this outside working hours or warn the user.
  5. Allow Azure Active Directory to synchronize. The scheduler runs a delta sync every 30 minutes by default; you can start one immediately on the Azure AD Connect server by running the following PowerShell command (Start-ADSyncSyncCycle belongs to Azure AD Connect’s ADSync module, not to the legacy DirSync tool).
    Start-ADSyncSyncCycle -PolicyType Delta
  6. Check your Microsoft 365 Admin Center – the conflict message should now be gone. If the cloud object still shows the old UPN on a managed (non-federated) domain, note that Azure AD only applies on-premises UPN changes to licensed users when the SynchronizeUpnForManagedUsers directory sync feature is enabled on the tenant.
  7. Return to the user’s Properties dialog and change the UserPrincipalName attribute back to its correct value.
  8. Allow Azure Active Directory to synchronize.
  9. Check the Microsoft 365 Admin Center – the conflict message should not reappear.
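The whole procedure scripted end to end, as an added example that is not part of the original post. It assumes it runs on the Azure AD Connect server with the ActiveDirectory (RSAT) and ADSync modules installed, that Connect-MgGraph has already been run with User.Read.All for the cloud-side check, and it uses the placeholder account jdoe / user@domain.com. The Graph query on onPremisesProvisioningErrors is how the admin center’s “duplicate … conflict” message is visible through the API, which lets the script confirm each step instead of relying on a manual look at the portal.

```powershell
# Added example, not from the original post. Assumes: run on the Azure AD
# Connect server with the ActiveDirectory (RSAT) and ADSync modules present,
# and an existing Connect-MgGraph session (Microsoft.Graph.Users, User.Read.All).
# 'jdoe' and 'user@domain.com' are placeholders for the conflicting account.
Import-Module ActiveDirectory
Import-Module ADSync
Import-Module Microsoft.Graph.Users

$SamAccountName = 'jdoe'
$OriginalUpn    = 'user@domain.com'
# Temporary value, e.g. userX@domain.com (same trick as step 4 above)
$TempUpn        = $OriginalUpn -replace '@', 'X@'

function Wait-ADSyncIdle {
    # Start-ADSyncSyncCycle fails if a cycle is already running, so poll the
    # scheduler until it reports idle before and after kicking one off.
    while ((Get-ADSyncScheduler).SyncCycleInProgress) {
        Start-Sleep -Seconds 15
    }
}

function Invoke-DeltaSyncAndWait {
    Wait-ADSyncIdle
    Start-ADSyncSyncCycle -PolicyType Delta | Out-Null
    Start-Sleep -Seconds 10      # let the scheduler flag the cycle as running
    Wait-ADSyncIdle
}

function Get-ProvisioningConflicts {
    # Azure AD records the admin center's conflict message on the affected object
    # as onPremisesProvisioningErrors (category PropertyConflict). The cloud
    # object may carry a placeholder UPN, so do not filter by UPN here.
    Get-MgUser -All `
               -Filter "onPremisesProvisioningErrors/any(e:e/category eq 'PropertyConflict')" `
               -Property Id,UserPrincipalName,OnPremisesProvisioningErrors |
        ForEach-Object {
            foreach ($e in $_.OnPremisesProvisioningErrors) {
                [pscustomobject]@{
                    CloudUpn = $_.UserPrincipalName
                    Property = $e.PropertyCausingError
                    Value    = $e.Value
                }
            }
        }
}

function Set-OnPremUpn {
    param([string]$Sam, [string]$ExpectedUpn, [string]$NewUpn)
    $user = Get-ADUser -Identity $Sam -Properties UserPrincipalName
    # Refuse to touch an account whose current UPN is not the one we expect.
    if ($user.UserPrincipalName -ne $ExpectedUpn) {
        throw "Expected $ExpectedUpn on $Sam but found $($user.UserPrincipalName)"
    }
    Set-ADUser -Identity $user -UserPrincipalName $NewUpn
}

# Steps 3-6: rename temporarily, sync, confirm the conflict is gone.
Set-OnPremUpn -Sam $SamAccountName -ExpectedUpn $OriginalUpn -NewUpn $TempUpn
Invoke-DeltaSyncAndWait
$still = Get-ProvisioningConflicts | Where-Object { $_.Value -eq $OriginalUpn }
if ($still) {
    Write-Warning "Conflict on $OriginalUpn still present; leaving $TempUpn in place for investigation."
    $still | Format-Table -AutoSize
    return
}

# Steps 7-9: restore the original value, sync again, confirm it stays clear.
Set-OnPremUpn -Sam $SamAccountName -ExpectedUpn $TempUpn -NewUpn $OriginalUpn
Invoke-DeltaSyncAndWait
$again = Get-ProvisioningConflicts | Where-Object { $_.Value -eq $OriginalUpn }
if ($again) {
    Write-Warning "Conflict on $OriginalUpn reappeared after restoring the UPN."
    $again | Format-Table -AutoSize
} else {
    Write-Host "No provisioning conflict on $OriginalUpn after both sync cycles."
}
```

If the conflict is still reported after the first sync, the script stops with the temporary UPN in place rather than reverting, so the CloudUpn column of the table shows which other cloud object is holding the value; that is the object the admin center message tells you to update or remove first.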
