Solving "DN Attributes Failure" Error on Azure Sync

Introduction

Azure sync helps to synchronize objects in an on-premise directory to an Azure AD directory. This feature helps organizations to have a single directory to provide user access to cloud applications like Office 365, contact sync, Microsoft Intune, etc.

When a directory sync is configured, the on-premises directory is referenced as the source directory, while the Azure AD directory acts as the target. The synchronization process is responsible for moving objects between the source and target directories.

Problem

In certain cases, issues arise during the synchronization process that results in DN attributes failing to synchronize. The outcome will be objects which appear failed in both the source and target directories.

When this happens, the user will not be able to access the resource applications until the DN attribute issue is resolved.

Solution

We can resolve the DN attributes issue by following the following steps:

Step 1: Check the manually hidden objects in source directory

One of the reasons why the DN attributes fail to synchronize is if someone has manually blocked an object in the source directory. If a user account is manually blocked in the source directory, it will not be visible in the target directory.

Therefore, it is important to first check the manually hidden object in the source directory using the following steps:

  • Navigate to the source directory, then go to the ‘User’ page and click on the ‘Manually hidden objects’ filter.
  • The next step is to review the list of possible matches by clicking on the ellipsis (…) next to each object.
  • Finally, uncheck the ‘Hidden’ box to allow the object to synchronize and show up in the target directory.

Step 2: Check the target directory

The next step is to review the target directory by going to the ‘User’ page, and then selecting the ‘All users’ filter. This will display all of the objects in the target directory.

If you see objects missing from the list, then it is possible that the synchronization process has failed due to a DN attribute issue.

Step 3: Review identity sources

When DN attributes fail due to a synchronization issue, it is likely that the identity sources are clashing. This means that you may have two identities from different sources, such as the local directory and a third-party system, with the same attributes value.

Therefore, it is important to review the identity sources to make sure that they are configured correctly and no conflicts exist.

Step 4: Review object properties

The next step is to review the object properties in both the source and target directories. This is important to rule out any possible discrepancies between the DN attribute values for the object in the two directories.

To review the object properties, simply navigating to the object in both the source and target directories, and then clicking on the ‘Details’ tab. Then, compare the DN attribute values to make sure that they match.

FAQ

Q1: What is the cause of DN attribute failure?

DN attribute failure is caused by manual blocking of objects in the source directory, identity sources clashing, or object properties discrepancies between the source and target directory.

Q2: How can I unblock an object in the source directory?

To unblock an object in the source directory, navigate to the ‘User’ page, then click on the ‘Manually hidden objects’ filter. Review the list of possible matches, then uncheck the ‘Hidden’ box to allow the object to synchronize and show up in the target directory.

Q3: How can I check the target directory for missing objects?

To check the target directory for missing objects, navigate to the ‘User’ page and select the ‘All users’ filter. This will display all of the objects in the target directory. If you see objects missing from the list, then it is possible that the synchronization process has failed due to a DN attribute issue.

Q4: How can I check for identity sources clashes?

To check for identity sources clashes, it is important to review the identity sources to make sure that they are configured correctly and no conflicts exist.

Q5: How can I review object properties in the source and target directory?

To review object properties in the source and target directory, navigate to the object in both the source and target directories, and then click on the ‘Details’ tab. Then, compare the DN attribute values to make sure that they match.

Great! You’ve successfully signed up.

Welcome back! You've successfully signed in.

You've successfully subscribed to Lxadm.com.

Success! Check your email for magic link to sign-in.

Success! Your billing info has been updated.

Your billing was not updated.