1

I am syncing our local AD (from SBS 2011) to Azure AD using the DirSync tool, but since a few days I get an error like the following (translated from local language):

The object can't be updated in Windows Azure Active Directory, because the attribute "AccountEnabled" is invalid. Update this value in your lokal directory service.

Does someone know what this attribute is about and how I can fix that?

I also get a "Local ID of the object" - can I search that object somehow in my local AD?

maweeras
  • 2,734
  • 2
  • 17
  • 23
Christoph Fink
  • 206
  • 1
  • 4
  • 10
  • 1
    See if this solution works for you : [DirSync and Disabled Users: The BlockCredential Attribute](http://mikecrowley.wordpress.com/2013/10/23/dirsync-and-disabled-users-the-blockcredential-attribute-part-one/). – harrymc Apr 12 '14 at 09:52

3 Answers3

1

I know this is an old post, but recently had a flood of emails with the same error. It seems to have started after I ran 'full sync' on just the 365 connector.

The emails stopped after a doing a proper full import and sync. With the recent version of Azure AD Connect the PowerShell command for this is:

Start-ADSyncSyncCycle -PolicyType Initial
WhoIsRich
  • 421
  • 4
  • 7
0

Try to add the immutableID to the Office365 user, after that change some propertie for the AD user wait 5 minutes, then run AADConnect again.

FixThis
  • 1
-1
  1. On your Dirsync server, click Start, click Regedit in the search box and press Enter. Click Yes.
  2. Locate the following registry subkey: HKEY_LOCAL_MACHINE\Software\Microsoft\MSOLCoExistence
  3. Change the value of the entry fullsyncneeded to 1. If the value is 1, the full sync is enabled. When all the data is synced, the value for fullsyncneeded will be changed to 0, and it will changed the delta sync automatically.
  4. Open DirSyncConfigShell(%programfiles%\Windows Azure Active Directory Sync. Double-click DirSyncConfigShell.psc1).
  5. Run the following cmdlet. Start-OnlineCoexistenceSync
Chinh Tran
  • 1