Having issue in Exchange Online - Group deletion via AAD Connect


  • I have a hybrid environment with Exchange 2016 server and using AAD Connect for Synchronization, when i delete old groups or contacts from local active directory they disappear over there and appear again after the next sync run in Exchange Online, Moreover I found that there was a group delivery setting "only inside of my organization" on local active directory and Exchange online and after deleting from local active directory the delivery settings went change "Sender Inside outside of the organization" in exchange online and don't delete groups.

    see this error in Synchronization Service Manager "Error: exported-change-not-reimported .... Synchronization Step: Staging"

    Please share your findings/suggestions related this issue. .

    Tuesday, March 7, 2017 12:03 PM

All replies

  • This issue may occur when you configure a newly created user as a disabled user by setting the constant value 514 in the userAccountControl attribute of the user account. This issue occurs because the user account object is waiting for confirmation that the constant value was set correctly in Active Directory. The object expects to import the same value that the object sent to Active Directory. However, because the value that is returned is 546 instead of 514, you receive the "Exported-change-not-reimported" error message.

    The userAccountControl attribute is a special attribute. Active Directory assigns certain default values to this attribute when a new user is created. The values that are assigned depend on the user configuration that is created. By default, Active Directory disables a new user account unless a password is set for that account. In the scenario that is described in the "Symptoms" section of this article, you create a typical user account by assigning the following constant value to the userAccountControl attribute of that user account:

    Constant Hexadecimal value Decimal value
              0x200           512

    If you set this account to be a disabled user account, Active Directory automatically adds the "No password is required" ADS_PASSWD_NOTREQD constant to the userAccountControl attribute of this user account. The resultant value is 546 decimal, as illustrated by the entries in the following table:

    Constant     Hexadecimal value      Decimal value
    ADS_UF_NORMAL_ACCOUNT           0x200           512
    ADS_UF_ACCOUNTDISABLE           0x0002           2
    ADS_PASSWD_NOTREQD           0x0020           32

    To avoid this issue, Microsoft recommends that you set the constant value to 546 instead of to 514 for a disabled account. Both values disable the user account. If you use the 546 value, you do not receive the "Exported-change-not-reimported" error message because the imported value and the exported value match.

    Wednesday, March 8, 2017 10:39 AM