For some time now we have been able to see the health of Azure Active Directory Connect in the new portal (https://portal.azure.com), and a few days ago I saw that the sync errors are now displayed in this blade as well. This is a great addition, because it gives a better overview of the synchronization errors than the email you get every 30 minutes. I have also noticed that rules are created to move this email to another folder when it arrives, because it causes a lot of clutter in the mailbox.
The image above shows part of the email that is sent out every 30 minutes with the current synchronization errors. It gives you the user that has the issue, a description of what is wrong, and the sourceAnchor. When you synchronize with just one AD, it is not that hard to find the issue, but when you have multiple, as we have with this customer, the search is a lot harder. The email does not give you the other user or contact that the conflict is with.
Microsoft has now solved this by adding the synchronization issues to the blade for Azure Active Directory Connect Health.
In this blade there is a section for the sync errors.
The sync errors are nicely divided by error type:
- Duplicate attribute
- Data mismatch
- Data validation failure
- Large attribute
When you open one of these error types, you get the specific errors, and you can see the details of each error and which other object the conflict is with.
Now that we have the object with the error and the conflicting object, it is a lot easier to solve the synchronization error.