Friday, March 31, 2017

Duplicate Attribute Resiliency - New Identity Synchronization Feature

I just received an email with a subject of  "New Identity Synchronization Feature Being Enabled - Duplicate Attribute Resiliency".  Microsoft has provided detailed information in this email.  I thought that was interesting and of course very useful!  Great job Microsoft and looking forward to receiving these types of additional information about upcoming features.

Here are the details of Duplicate Attribute Resiliency:

A new feature called Duplicate Attribute Resiliency is being introduced in order to eliminate friction caused by duplicate UserPrincipalName and ProxyAddress conflicts when running one of Microsoft’s synchronization tools. This new feature is being rolled out across all of Azure Active Directory, and will be enabled for your tenant on 04/19/2017. The new behavior that this feature enables is in the cloud portion of the sync pipeline, therefore it is client agnostic and relevant for any Microsoft synchronization product including Azure AD Connect, DirSync and MIM + Connector. Please read on to learn how this change impacts the way Azure Active Directory handles these specific certain types of Identity synchronization errors.

Current behavior

If there is an attempt to provision a new object with a UPN or ProxyAddress value that violates this uniqueness constraint, Azure Active Directory blocks that object from being created. Similarly, if an object is updated with a non-unique UPN or ProxyAddress, the update fails. The provisioning attempt or update is retried by the sync client upon each export cycle, and continues to fail until the conflict is resolved. An error report email is generated upon each attempt and an error is logged by the sync client.

New Behavior - with Duplicate Attribute Resiliency

  • Instead of completely failing to provision or update an object with a duplicate attribute, Azure Active Directory “quarantines” the duplicate attribute which would violate the uniqueness constraint.
  • If this attribute is required for provisioning, like UserPrincipalName, the service assigns a placeholder value. The format of these temporary values is “+<4digitnumber>”.
  • If the attribute is not required, like a ProxyAddress, Azure Active Directory simply quarantines the conflict attribute and proceeds with the object creation or update.
  • Upon quarantining the attribute, information about the conflict is sent in the same error report email used in the old behavior. However, this info only appears in the error report one time, when the quarantine happens, it does not continue to be logged in future emails. Also, since the export for this object has succeeded, the sync client does not log an error and does not retry the create / update operation upon subsequent sync cycles.

The way all other types of errors are processed remains unchanged, this feature is only relevant for duplicate UserPrincipalName and ProxyAddress conflicts.

To read more about the behavior change along with identifying and resolving conflicts, please see this article: Identity synchronization and duplicate attribute resiliency


Sounds like great features! This really changes the way that Azure Active Directory handles specific certain types of Identity synchronization errors.
json formatter
spanish to english

This comment has been removed by the author.

Such great and useful information in such a little post. It’s amazing how you did it! Never thought I could discover insider information so easy. Keep up with updates, it really could help people a lot with understanding it. Feel free to check out new review of, it is great.

Check out this blog, guys, there are more articles on this issue.

Programmable SMS is expanding with thousands of Cloud and software based organizations now effectively using it to execute KYC (Know your customer) as well as send OTPs, alerts and digital receipts. This has led to not only improved productivity but better customer relationships.

With 2 way sms, you can get customers to answer quick surveys and polls via text messaging. It may be the least bothersome way to get them to answer as compared to chasing them in malls.

Writing a term paper requires students to spend personal time, knowledge, and full immersion in the topic. This is the only way to present a worthy job to the teacher. However, not all students can cope with writing a term paper, some do not have enough time, some have not fully mastered the material. Each has his own objective reasons why he cannot start writing a term paper on his own. Do not despair and think that there is no place to wait for help it will help out at any time of the day or night

Post a Comment

Popular Posts


Twitter Delicious Facebook Digg Stumbleupon Favorites More