The new behavior that this feature enables is in the cloud portion of the sync pipeline, therefore it is client agnostic and relevant for any Microsoft synchronization product including Azure AD Connect, DirSync and MIM + Connector. The generic term “sync client” is used in this document to represent any one of these products.

If there is an attempt to provision a new object with a UPN or ProxyAddress value that violates this uniqueness constraint, Azure Active Directory blocks that object from being created. Similarly, if an object is updated with a non-unique UPN or ProxyAddress, the update fails. The provisioning attempt or update is retried by the sync client upon each export cycle, and continues to fail until the conflict is resolved. An error report email is generated upon each attempt and an error is logged by the sync client.

Behavior with Duplicate Attribute Resiliency

Instead of completely failing to provision or update an object with a duplicate attribute, Azure Active Directory “quarantines” the duplicate attribute which would violate the uniqueness constraint. If this attribute is required for provisioning, like UserPrincipalName, the service assigns a placeholder value. The format of these temporary values is

Attribute resiliency process handles only UPN and SMTP ProxyAddress values.

If the attribute is not required, like a ProxyAddress, Azure Active Directory simply quarantines the conflict attribute and proceeds with the object creation or update.

Upon quarantining the attribute, information about the conflict is sent in the same error report email used in the old behavior. However, this info only appears in the error report one time, when the quarantine happens; it does not continue to be logged in future emails. Also, since the export for this object has succeeded, the sync client does not log an error and does not retry the create / update operation upon subsequent sync cycles.

To support this behavior a new attribute has been added to the User, Group, and Contact object classes: DirSyncProvisioningErrors. This is a multi-valued attribute that is used to store the conflicting attributes that would violate the uniqueness constraint should they be added normally. A background timer task has been enabled in Azure Active Directory that runs every hour to look for duplicate attribute conflicts that have been resolved, and automatically removes the attributes in question from quarantine.