AAD Sync errors in Hybrid Exchange involving SystemMailbox{GUID}@ad.contoso.com (4 of them) and Discovery Mailbox

  • Question

  • I had installed AAD Sync with a fresh AD install.  Only Exchange Online was in use.  Had issues with SMTP primary addresses and Mail Enabled security groups, so decided to install local Exchange in the domain and go to a Hybrid Mode.

    Once Exchange is installed, the AAD Sync tool sends me emails (below).

    Seems that the AAD sync tool should be excluding these user objects.  Can anyone give any advice on how to fix this?

    The following errors occurred during synchronization:


    Identity Error Description
    SystemMailbox{1f05a927-0359-4c28-a2d7-07c79cb8f25d} @ ad.domain.com Unable to update this object in Azure Active Directory, because the attribute [Username], is not valid. Update the value in your local directory services. O1SZt7gIgkK1W8MPzs/z6g==
    SystemMailbox{8cc370d3-822a-4ab8-a926-bb94bd0641a9} @ ad.domain.com Unable to update this object in Azure Active Directory, because the attribute [Username], is not valid. Update the value in your local directory services. LBd/6h89vkuCj3Khc3q+gg==
    DiscoverySearchMailbox {D919BA05-46A6-415f-80AD-7E09334BB852} @ ad.domain.com Unable to update this object in Azure Active Directory, because the attribute [Username], is not valid. Update the value in your local directory services. vzW7VW424UW3QU7FKZjljw==
    SystemMailbox{bb558c35-97f1-4cb9-8ff7-d53741dc928c} @ ad.domain.com Unable to update this object in Azure Active Directory, because the attribute [Username], is not valid. Update the value in your local directory services. OZb8m890zkmkYvQ0fxYi8w==
    SystemMailbox{e0dc1c29-89c3-4034-b678-e6c29d823ed9} @ ad.domain.com Unable to update this object in Azure Active Directory, because the attribute [Username], is not valid. Update the value in your local directory services. dOTNnOcZekGtN7q0Hb2ksQ==

     Tracking ID: 60e38d03-7566-4156-abe4-368b61b41d86

    Sunday, January 22, 2017 6:46 AM

Answers

All replies

  • No, how do I do this "refresh the AAD Connect schema"?
    Sunday, January 22, 2017 8:23 AM
  • Run the wizard and select the corresponding option. If you need detailed instructions I've blogged about it here a while back: http://www.michev.info/Blog/Post/1370/
    Sunday, January 22, 2017 3:09 PM
  • That did it.  Thanks for pointing me in the right direction.
    Sunday, January 22, 2017 3:42 PM
  • While Vasil L. Michev's answer pointed me in the right direction, it didn't take care of the issue for me.

    I had to dig a little further into the SystemMailbox accounts that were failing on the Sync jobs to O365 in our hybrid environment.

    I was dealing with something like this yesterday after extending my AD schema in preparation for Exchange 2016 CU6 (upgrading from CU3).  For whatever reason it created two new SystemMailbox accounts.  Within those AD account attributes, the mail and mailNickName values were blank.
    After opening a ticket with O365 support they pointed me to:
    https://support.microsoft.com/en-in/help/2804688/you-can-t-sync-the-systemmailbox-or-discoverymailboxsearch-accounts-by

    Yeah - don't do anything like populating the mail and mailNickName fields on those SystemMailbox AD accounts manually.  They're put there for the CU install and the necessary values WILL be updated when the CU is installed.  It will set several attributes that it needs.  My 2016 CU6 install was failing at the mailbox role.  After several tries, I really dug into the log and lo and behold, it was barking about one of those new SystemMailbox accounts.  I cleared all the values, replicated my AD, then restarted the CU setup.  It went through and populated the necessary attributes and set several settings and permissions on them.  The CU completed successfully.

    While it's annoying to have those sync errors coming up, it's worth putting up with them if you're extending your schema, giving some time for settings to replicate, and then going for the install of an Exchange CU.

    • Edited by Ytsejamer1 Tuesday, August 15, 2017 5:28 AM text size
    • Proposed as answer by Byron Wright Monday, August 28, 2017 8:52 PM
    Friday, August 11, 2017 1:33 PM
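
A read-only way to see which system mailbox accounts are in the blank state described in the post above, added here as an example and not part of the original thread or of any Microsoft tooling. It assumes the ActiveDirectory PowerShell module (RSAT) is installed; the function name and the three state labels are hypothetical names chosen for this example.

```powershell
# Added example: reports only, changes nothing in AD.
Import-Module ActiveDirectory

function Get-ExchangeSystemMailboxState {
    param(
        # Optional domain controller to query (assumption: omit to let AD choose).
        [string]$Server
    )

    $query = @{
        # SystemMailbox{GUID} and DiscoverySearchMailbox {GUID} user objects.
        LDAPFilter = '(|(name=SystemMailbox{*)(name=DiscoverySearchMailbox*))'
        Properties = 'mail', 'mailNickname', 'whenCreated', 'whenChanged'
    }
    if ($Server) { $query.Server = $Server }

    Get-ADUser @query | ForEach-Object {
        $hasMail  = -not [string]::IsNullOrWhiteSpace($_.mail)
        $hasAlias = -not [string]::IsNullOrWhiteSpace($_.mailNickname)

        # State labels are this example's own naming, not Exchange terms.
        $state = if ($hasMail -and $hasAlias) {
            'Populated'            # both attributes set
        } elseif (-not $hasMail -and -not $hasAlias) {
            'BlankAwaitingSetup'   # the state the post describes before the CU runs
        } else {
            'PartiallyPopulated'   # only one attribute set; worth a closer look
        }

        [pscustomobject]@{
            Name         = $_.Name
            UPN          = $_.UserPrincipalName
            Mail         = $_.mail
            MailNickname = $_.mailNickname
            State        = $state
            WhenCreated  = $_.whenCreated
            WhenChanged  = $_.whenChanged
        }
    }
}

Get-ExchangeSystemMailboxState | Sort-Object State, Name | Format-Table -AutoSize
```

Running it before and after the CU install shows whether setup has filled in the attributes on the accounts that were raising sync errors.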
  • Thanks Ytsejamer1. I just ran into exactly this issue when adding a new hybrid server to an Exchange 2010 organization. Errors occurred after I ran /PrepareAD, but were resolved when the installation of Exchange Server 2016 CU6 was complete.

    I did also update the schema as suggested by Vasil L. Michev. That was done after /PrepareAD, but before Exchange Server 2016 was installed.


    Byron Wright (http://byronwright.blogspot.ca)


    Monday, August 28, 2017 8:52 PM