You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: articles/active-directory/hybrid/tshoot-connect-sync-errors.md
+4-3Lines changed: 4 additions & 3 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -236,9 +236,10 @@ Azure AD Connect is not allowed to soft match a user object from on-premises AD
236
236
### How to fix
237
237
To resolve this issue do one of the following:
238
238
239
-
240
-
- change the UserPrincipalName to a value that does not match that of an Admin user in Azure AD - which will create a new user in Azure AD with the matching UserPrincipalName
241
-
- remove the administrative role from the Admin user in Azure AD, which will enable the soft match between the on-premises user object and the existing Azure AD user object.
239
+
- Remove the Azure AD account (owner) from all admin roles.
240
+
-**Hard Delete** the Quarantined object in the cloud.
241
+
- The next sync cycle will take care of soft-matching the on-premise user to the cloud account (since the cloud user is now no longer a global GA).
242
+
- Restore the role memberships for the owner.
242
243
243
244
>[!NOTE]
244
245
>You can assign the administrative role to the existing user object again after the soft match between the on-premises user object and the Azure AD user object has completed.
0 commit comments