Find Objects with Duplicate UPN or SMTP values in Active Directory

If you are familiar with the errors generated from AADSync or DirSync that tell you about a duplicate object in your environment, you understand the pain associated with sometimes trying to track down which objects have the conflicting values.

 
 
 
 
 
4.7 Star
(3)
9,202 times
Add to favorites
Active Directory
9/13/2018
E-mail Twitter del.icio.us Digg Facebook
  • Timeout
    1 Posts | Last post April 27, 2019
    • Tried in new EMS and windows powershell
      Get-ADObject : This operation returned because the timeout period expired
      At line:1 char:13
      + Get-ADObject <<<<  -Server na.xxxxx.com -Filter { Userprincipalname -eq "karen.smith@xxx.com" -or mail -eq "kare
      n.smith@xxx.com" -or msRTCSIP-PrimaryUserAddress -like "*:karen.smith@xxx.com" -or proxyAddresses -like "*:karen.sm
      ith@xxx.com" } -Properties UserPrincipalName,DisplayName,DistinguishedName,objectClass,mail,proxyAddresses,msExchReci
      pientDisplayType,msExchRecipientTypeDetails,mailnickname,targetAddress,msRTCSIP-PrimaryUserAddress | Out-String | Forma
      tColor -StringMatch "karen.smith@xxx.com" -HighlightColor $()
          + CategoryInfo          : NotSpecified: (:) [Get-ADObject], ADException
          + FullyQualifiedErrorId : This operation returned because the timeout period expired,Microsoft.ActiveDirectory.Man
         agement.Commands.GetADObject
      
  • Timeout
    2 Posts | Last post June 12, 2018
    • Got "Get-ADObject : The operation returned because the timeout limit was exceeded" and I am not quite sure what to do with it...
    • How are you running this?  I ran it on a DC with about well over 1m user objects without issue.
  • Question on running
    2 Posts | Last post February 27, 2018
    • I am not a powershell expert at all, so maybe I am not running it correctly.  I am getting a proxyaddress associated with another account message when syncing AD.  When I run the script in powershell it automatically closes after a few seconds.  Am I doing something wrong?
    • Make sure you run it in a new powershell session.  Double-clicking it after it's downloaded will just result in it running with no parameters.
  • $Color variable?
    1 Posts | Last post November 13, 2017
    • I just downloaded your script to see if I could use it for a similar scenario where I import a list of addresses to check for duplicates from a CSV file. Worked great. Thanks.
      
      However, I might be misled but I seem to have found a small bug. On lines 174 and 182, you use the Get-ADObject command and then Pipe it finally into the FormatColor function you have described earlier in the script. You run this command with the parameters -StringMatch and -HighlightColor but you pass the variable $Color into the HighlightColor parameter. I have the two below questions regarding this:
      
      1. If you have 'hard coded' the default color as $OutputColor within the FormatColor function/filter block on line 106, why would you need to use this parameter in the call of the function in line 174 and 182?
      
      2. The variable $Color is not defined. I believe it should be $OutputColor
      
      Sid  
  • Can you get all user accounts with duplicate?
    4 Posts | Last post September 05, 2017
    • Do you have to specify an address or can it just report any 2+ accounts sharing the same address? 
    • You need to specify an address.  You'd get an address from an Azure AD / MS Online Services notification that says you have duplicate IDs.  I am working on turning this into a tool to help with matching, although we already have IDFix that does most of it (it just doesn't match across object types).
    • Ok I may see if I can just do a foreach in the environment and run the script against them. Of course that will probably take forever since I have about 11,000 AD users. 
    • I've thought about creating a tool to actually do it, until IDFix gets updated to perform the function.  At this point, the best practice is still to run IDFix, fix it, and then let AAD Connect do it's thing and have it report the errors.
      
      You can us CSExport (included with AAD Connect) to export all of the duplicate objects reported, as well. I originally wrote this tool before the updated AAD reports that give back more information.
  • Thank you for this DirSync Helper!
    2 Posts | Last post June 11, 2016
    • This is a great sidekick script to help when wading through the intricacies of DirSync, and much appreciated! Thanks for your efforts!
      
      Josh
    • You are quite welcome.  I'm continuously adding to it, so check back often.