There are now plenty of tools for converting an objectGUID to an Immutable ID. However, one of my friends ran into the “AttributeMustBeUnique” error in Azure AD Connect (AADC). Most articles about this error ask people to look at “Deleted User” or to query the Recycle Bin for a duplicate account.
This case is slightly different.
To understand what he was facing:
- A user account was created in the cloud first.
- The user account's status is “in cloud” in Office 365 > Active Users.
- There is no duplicate account in the Recycle Bin.
- My friend emptied the Immutable ID so that he could replace it with a new Immutable ID converted from the objectGUID, to match the cloud account with its on-premises account.
- He used a tool to convert the objectGUID to an Immutable ID.
- He replaced the empty Immutable ID with the converted one and ran a full sync from the AADC server. However, he was still getting the error.
After checking, it turned out that he had copied the objectGUID wrongly. As a result, the converted Immutable ID value did not match the one that Azure AD detected.
Azure AD Sync error detection can detect, identify and provide the value that the Source Anchor (Immutable ID) is supposed to have. Every deployment of Azure AD Connect matches accounts via the source anchor.
What is the source anchor? In layman's terms, it is the unique ID from the cloud.
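The miscopied objectGUID described above can be caught before the sync by doing the conversion yourself and comparing it with the anchor value that the sync error reports. This is an added example, not code from the original post or from Microsoft; the function names and the sample GUIDs are hypothetical and constructed, and it assumes objectGUID is the source anchor attribute.

```powershell
# Added example: helper names are hypothetical, sample values are constructed.
function ConvertTo-ImmutableId {
    param([Parameter(Mandatory)][string]$ObjectGuid)
    $guid = [guid]::Empty
    # TryParse rejects a truncated or mistyped GUID instead of converting garbage.
    if (-not [guid]::TryParse($ObjectGuid.Trim(), [ref]$guid)) {
        throw "Not a valid objectGUID: '$ObjectGuid'"
    }
    # Immutable ID = Base64 of the 16 GUID bytes in .NET byte order.
    [Convert]::ToBase64String($guid.ToByteArray())
}

function ConvertFrom-ImmutableId {
    param([Parameter(Mandatory)][string]$ImmutableId)
    $bytes = [Convert]::FromBase64String($ImmutableId.Trim())
    if ($bytes.Length -ne 16) { throw "Immutable ID does not decode to 16 bytes" }
    [guid]$bytes
}

function Test-SourceAnchor {
    param(
        [Parameter(Mandatory)][string]$ObjectGuid,      # value copied from on-premises AD
        [Parameter(Mandatory)][string]$ReportedAnchor   # value shown in the sync error
    )
    $computed = ConvertTo-ImmutableId $ObjectGuid
    [pscustomobject]@{
        CopiedObjectGuid    = $ObjectGuid
        ComputedImmutableId = $computed
        ReportedAnchor      = $ReportedAnchor
        # Decoding the reported anchor shows which objectGUID Azure AD expects.
        ExpectedObjectGuid  = ConvertFrom-ImmutableId $ReportedAnchor
        # Base64 is case-sensitive, so compare with -ceq.
        Match               = ($computed -ceq $ReportedAnchor)
    }
}

# Constructed sample: the second GUID has its last two digits transposed.
$correct   = '3f2504e0-4f89-41d3-9a0c-0305e82c3301'
$miscopied = '3f2504e0-4f89-41d3-9a0c-0305e82c3310'
$reported  = ConvertTo-ImmutableId $correct   # stands in for the anchor in the error

Test-SourceAnchor -ObjectGuid $miscopied -ReportedAnchor $reported   # Match = False
Test-SourceAnchor -ObjectGuid $correct   -ReportedAnchor $reported   # Match = True
```

When `Match` is False, compare `CopiedObjectGuid` with `ExpectedObjectGuid` to see where the copy went wrong.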