Environment: Exchange Account-Resource Forest scenario with Hybrid coexistence to Office 365.
The affected Metaverse object in Azure AD Connect has 3 connectors:
Connector A: Account Forest
Connector B: Resource Forest
Connector C: tenantname.onmicrosoft.com
When Connector A runs the run-profile "Delta Synchronization", following error occurs:
A different entry with target identifier already exists
at SyncManagedUtil.PopulateGraphLinks(IObjectLinkGraph graph, CMvObject* mvObject, IEntryModification csEntry, IEntryModification mvEntry)
at ObjectNamespace.LoadLinkedTargetObjects(IObjectLinkGraph graph, IEntryModification targetMvObject)
at Microsoft.MetadirectoryServices.SyncRulesEngine.JoinModule.LinkSourceToTarget(IEntryModification sourceObject, IEntryModification targetObject, SynchronizationRule syncRule, SyncRulePipelineArguments pipelineArguments, Boolean joiningToExistingTarget)
at Microsoft.MetadirectoryServices.SyncRulesEngine.JoinModule.ExecuteJoinProcessingForSyncRule(IEntryModification sourceObject, SynchronizationRule syncRule, SyncRulePipelineArguments pipelineArguments, AttributeFlowModule attributeFlowModule, Guid excludedMVObjectIdWhenSearchingGraphForJoin)
at Microsoft.MetadirectoryServices.SyncRulesEngine.JoinModule.Execute(PipelineArguments argsToProcess)
at Microsoft.MetadirectoryServices.SyncRulesEngine.Server.SyncEngine.RunSyncPipeline(SyncRulePipelineArguments pipelineData, List`1 pipelineChain)
at Microsoft.MetadirectoryServices.SyncRulesEngine.Server.SyncEngine.Synchronize(SynchronizationOperation operation, IObjectLinkGraph inputGraph, Boolean preview)
at ManagedSyncRulesEngine.Synchronize(ManagedSyncRulesEngine* , CCsObject* sourceCsObject, CMvObject* mvObject, SynchronizationOperation operation, Char** error)
InnerException=>
none
Native call stack:
I have already done following steps:
a) Move the affected user account in the Resource forest into another OU, which is not selected for synchronization in Azure AD Connect
b) Executed following cmdlets in Azure AD Powershell to hard-delete the user account in Azure AD:
Get-MsolUser -UserPrincipalName firstname.lastname@domain.com | Remove-MsolUser
Get-MsolUser -ObjectId 7910e569-161b-41b3-be1c-994de12471a0 -ReturnDeletedUsers | Remove-MsolUser -RemoveFromRecycleBin
c) Executed 2x times the cmdlet on Azure AD Connect server to run delta sync
Start-ADSyncSyncCycle -PolicyType Delta
d) At this point, the user account has been synchronized by Azure AD Connect to Azure AD (because the user account from Account Forest was still there)
e) In the Resource forest, moved the user account back from the OU which was out of scope into the original OU which is selected in Azure AD Connect
f) Executed 1x times the cmdlet on Azure AD Connect server to run delta sync
Start-ADSyncSyncCycle -PolicyType Delta
And the error happened again when Connector of Account Forest has executed the run-profile "delta synchronization".
Unfortunately, we cannot move the user account in the Account Forest to another OU which is out of scope for Azure AD Connect.
Anyone can help further?
Thank you very much in advance!