AD Connect – Sync-rule-error-function-triggered

I recently worked on a project that had the following scope.

  • Migrate 6 Office365 tenants into a single new Office365 tenant
  • Migrate all users, SID history and computer accounts from 10 source Active Directory forests into a new Windows Server 2019 Active Directory forest, using Quest Migration Manager for Active Directory.

14 user objects could not sync changes like adding aliases. When I extracted an affected user's ImmutableID from the source Office365 tenant, it was different from the corresponding user's ImmutableID in the new tenant.

So where is the problem? Why won't the changes sync?

When further analyzing the errors in AD Connect, I could see that the cloudanchor attribute in my new tenant had the same immutable ID as the source tenant.

So how do we fix this?

  1. Exclude the following two attributes from Quest Migration Manager for Active Directory migration and synchronization tasks: ‘mS-DS-ConsistencyGuid’ and ‘msDS-ExternalDirectoryObjectId’
  2. Then run this PowerShell command to export all destination site ImmutableIDs

    Get-ADUser -Filter * -SearchBase "OU=Contoso" -Properties mail | Select-Object samaccountname,mail,userprincipalname,objectguid,@{label="ImmutableID";expression={[System.Convert]::ToBase64String($_.objectguid.ToByteArray())}} | Export-Csv CSV LOCATION

  3. Then run the following command, replacing the Base64 string in quotes with the ImmutableID from the CSV exported in step 2, to convert the ImmutableID to hex format

    $a = $null; [System.Convert]::FromBase64String("rk4ZgeI/l0OpdRr5PiwU1g==") | %{ $a += [System.String]::Format("{0:X2}", $_) + " " }; $result = $a.TrimEnd(); $result

  4. The command outputs the ImmutableID from the CSV as a hex value like AE 4E 19 81 E2 3F 97 43 A9 75 1A F9 3E 2C 14 D6
  5. Next step is to populate the ‘mS-DS-ConsistencyGuid’ attribute with the hex value from step 4 and replicate domain controllers.
  6. Run a delta or initial sync on AD Connect and the issue will be resolved.
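
Steps 2 to 5 applied in bulk to the exported CSV, as an added PowerShell example that is not part of the original post. The CSV row is constructed (the account name `jdoe` is hypothetical), and the write step assumes the ActiveDirectory module is installed; without it the script only prints the hex values.

```powershell
# Added example, not from the original post; sample rows are constructed.
function Convert-ImmutableIdToBytes {
    param([Parameter(Mandatory)][string]$ImmutableId)
    $bytes = [System.Convert]::FromBase64String($ImmutableId)
    if ($bytes.Length -ne 16) {
        throw "ImmutableID '$ImmutableId' decodes to $($bytes.Length) bytes, expected 16"
    }
    , $bytes   # unary comma keeps the byte[] intact on return
}

# Constructed rows in the shape of the step 2 export (only the columns used here)
$rows = @'
samaccountname,objectguid,ImmutableID
jdoe,81194eae-3fe2-4397-a975-1af93e2c14d6,rk4ZgeI/l0OpdRr5PiwU1g==
'@ | ConvertFrom-Csv

# Only attempt the directory write where the ActiveDirectory cmdlets exist
$adAvailable = [bool](Get-Command Set-ADUser -ErrorAction SilentlyContinue)

foreach ($row in $rows) {
    [byte[]]$bytes = Convert-ImmutableIdToBytes -ImmutableId $row.ImmutableID

    # Sanity check: the ImmutableID must decode back to the row's objectGUID
    if ([guid]::new($bytes) -ne [guid]$row.objectguid) {
        Write-Warning "$($row.samaccountname): ImmutableID does not match objectGUID, skipped"
        continue
    }

    # X2 zero-pads each byte, giving the step 4 format
    $hex = ($bytes | ForEach-Object { $_.ToString('X2') }) -join ' '
    "{0}: {1}" -f $row.samaccountname, $hex

    if ($adAvailable) {
        # Step 5. -WhatIf only reports the change; remove it to write the attribute.
        Set-ADUser -Identity $row.samaccountname -Replace @{ 'mS-DS-ConsistencyGuid' = $bytes } -WhatIf
    }
}
```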

Reference Article:

