User sync failing due to "The dimage has an anchor that is different than the image"

    Question

  • I have one user failing to sync between AAD and AD. The error is "sync-generic-failure". The stack trace error is a bit more detailed: "The dimage has an anchor that is different than the image".

    The user in question existed in AAD as a manually created user before AD Sync was set up.

    The user account was then deleted from AAD, and I think that started this behavior.

    Can I remove the link between the AD user and the AAD user completely, so the AAD user can be deleted, and the AD user can be synchronized to AAD?

    Friday, March 13, 2015 1:11 PM

Answers

  • In the end I opened a support case. The engineer deleted the two connectors in "Synchronization Service Manager" and we configured it from the beginning.

    Afterwards the problematic user account could be synchronized properly.

    • Marked as answer by rasmusw Monday, March 16, 2015 2:41 PM
    Monday, March 16, 2015 2:41 PM

All replies

  • Hello,

    Use the following commands to delete the user from Azure AD. Then sync the user from on-premise:

    Commands:

    Connect-MSOLService  # enter your tenant's global admin creds

    Remove-MSOLUser -UserPrincipalName <user's UPN>

    Remove-MSOLUser -UserPrincipalName <user's UPN> -RemoveFromRecycleBin

    Once this is done, the user should be completely deleted from Azure AD. Now you can re-sync your on-premise user.

    Note: These commands need to be run in the Azure AD module for PowerShell: "https://msdn.microsoft.com/en-us/library/azure/jj151815.aspx"

    Regards,
    Nagaraj


    Friday, March 13, 2015 5:20 PM
  • That sounded plausible, and I tried it, but it didn't work.

    The user is no longer returned by "get-msoluser -ReturnDeletedUsers", but I'm still getting the same error when doing a sync.

    When importing from AAD it still detects that the user was there previously.

    • Edited by rasmusw Friday, March 13, 2015 7:38 PM
    Friday, March 13, 2015 7:33 PM
  • Hello,

      Have you tried uninstalling and reinstalling AADSync? The latest build should have a fix for this issue.
      Or I would suggest you contact support at http://azure.microsoft.com/en-in/support/options/ and have a Support Engineer look at this issue and walk you through a Phantom Object Procedure.
     
    Regards,
    Nithin Rathnakar.

    Monday, March 16, 2015 7:04 AM
    Moderator
  • I ran into this problem in the last couple of weeks using AADConnect in Staging Mode.  I thought I would put a cross-reference to my particular resolution on this post here.

    Hope this helps the next person!


    Bob Bradley (FIMBob @ TheMIMTeam.com) ... always using MIM Event Broker for just-in-time delivery of MIM 2016 policy via the sync engine, and continuous compliance for MIM/FIM.

    • Proposed as answer by UNIFYBobMVP Wednesday, September 14, 2016 9:04 AM
    Wednesday, September 14, 2016 9:04 AM