Azure AD Connect does not sync all users to Azure AD
Just configured an Azure AD Connect (AADConnect / AADSync) synchronisation between an on-premises domain and Office 365. All users are synchronized without any problems except one user. Nothing special for this user: same OU, member of the same groups, no special rights or anything visibly different. Also no errors in the AADConnect logs, event logs or anywhere else.
Also followed this helpful Microsoft document, "One or more objects don't sync when the Azure Active Directory Sync tool is used", but none of the options described solved the problem. sAMAccountName, proxyAddresses, etc. are all correctly filled.
Another strange thing is that when you run IdFix as described in the same document, the result also does not show this specific "problem" user.
Solution:
Accidentally I did an export of all mailboxes and properties, and for this particular user I saw that LinkedMasterAccount was filled with a SID and the IsLinked value was set to true.
To see if these values are set for this account, run the following PowerShell command: Get-Mailbox username | Select-Object *link*
If IsLinked is set to true, the mailbox is a linked mailbox, and linked mailboxes are not synced to Azure AD, as described in this article: Understanding Users and Contacts in Azure Active Directory Sync
A disabled account will contribute userPrincipalName and sourceAnchor, unless it is a linked mailbox.
An account with a linked mailbox will never be used for userPrincipalName and sourceAnchor. It is assumed that an active account will be found later.
Disabled accounts are synchronized as well to Azure AD. Disabled accounts are common to represent resources in Exchange, for example conference rooms. The exception is users with a linked mailbox; as previously mentioned, these will never provision an account to Azure AD.
In this case the linked mailbox was probably a leftover from the past, so we could convert the mailbox back to a normal user with this PowerShell command: Set-User -Identity kweku@fabrikam.com -LinkedMasterAccount $null. After that the account was directly synced to Azure AD at the next synchronization schedule.
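To run the same check across every mailbox instead of one user at a time, here is an added PowerShell example (not from the original post). It assumes an Exchange Management Shell session with the ActiveDirectory module loaded, and the function and parameter names are my own; the conversion step is a dry run until -WhatIf is removed.

```powershell
# Added example: report linked mailboxes, which Azure AD Connect skips
# (msExchRecipientTypeDetails = 2 is the LinkedMailbox value that the
# "In from AD - User Common from Exchange" rule maps to a NULL
# sourceObjectType). Assumes Exchange Management Shell + ActiveDirectory module.
function Get-LinkedMailboxSyncReport {
    [CmdletBinding()]
    param()

    # Step 1: mailboxes Exchange itself flags as linked; this is the
    # "Get-Mailbox username | Select-Object *link*" check for all mailboxes.
    $linked = Get-Mailbox -ResultSize Unlimited |
        Where-Object { $_.IsLinked -or $_.LinkedMasterAccount }

    foreach ($mbx in $linked) {
        # Step 2: confirm the AD attribute the sync rule actually evaluates.
        $adUser = Get-ADUser -Identity $mbx.SamAccountName `
            -Properties msExchRecipientTypeDetails, userPrincipalName

        [pscustomobject]@{
            DisplayName                = $mbx.DisplayName
            UserPrincipalName          = $adUser.UserPrincipalName
            LinkedMasterAccount        = $mbx.LinkedMasterAccount
            IsLinked                   = $mbx.IsLinked
            msExchRecipientTypeDetails = $adUser.msExchRecipientTypeDetails
            # 2 = LinkedMailbox: AAD Connect will not provision this object
            SkippedByAadConnect        = ($adUser.msExchRecipientTypeDetails -eq 2)
        }
    }
}

# Converts a linked mailbox back to a regular user mailbox, as the post
# did for one user. Remove -WhatIf only after reviewing the report above.
function Convert-LinkedMailboxToUser {
    param([Parameter(Mandatory)][string]$Identity)
    Set-User -Identity $Identity -LinkedMasterAccount $null -WhatIf
}

# Usage: list the mailboxes that will be missing from Azure AD after sync.
Get-LinkedMailboxSyncReport | Format-Table -AutoSize
```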
I solved it without touching the source mailboxes:
Adjusted the rule "In from AD – User Common from Exchange" of the Exchange forest:
Expression >> SourceObjectType >>> IIF(IsPresent([msExchRecipientTypeDetails]), IIF([msExchRecipientTypeDetails]=2, NULL, "User"), "User")
changed to
IIF(IsPresent([msExchRecipientTypeDetails]), IIF([msExchRecipientTypeDetails]=666, NULL, "User"), "User")