Fix Duplicate Email Addresses for On-premises Mail-Enabled Objects


Download Windows Server 2012

Problem 1

In Microsoft Office 365, an administrator receives the following email message warning when directory synchronization finishes:

From: MSOnlineServicesTeam@MicrosoftOnline.com

Subject: Directory Synchronization Error Report
The error report in the email message may contain one or more of the following error messages:

This issue may occur if mail-enabled objects in the on-premises Active Directory Domain Services (AD DS) have duplicate or invalid values, and these user objects are not synchronized from the AD DS to Office 365 correctly during directory synchronization.

Problem 2

If OnRAMP autocheck finds that duplicate values exist in your on-premises Active Directory, you will get a table-separated values file that contains these objects. Here is an example of this file.

Note OnRamp for Office 365 is an automated assistance tool that helps you gather configuration requirements and perform deployment readiness checks against your on-premises environment. Please refer to OnRamp for Office 365 for more details.

Solution

This script enables you to export mail-enabled objects with duplicated email addresses. After correcting the attributes for these groups, you can use this script to import them to your on-premises Active Directory.

The following procedure describes how to remove duplicate email addresses by using this script.

  1. After downloading the script package, you need to extract all the files to a folder on a domain joined computer. For example, c:\script.
  2. Run Import-Module cmdlet to import this module file.
    Import-Module filepath\FixDuplicateMailAddresses.psm1
  3. (Optional) Run the following command if you want to read the help of this function.
    Get-Help Export-OSCADObjectEmailAddress -Full
  4. Run one of the following command to export mail-enabled groups that have duplicate email address to a comma-separated value (CSV) file.

    a) If you get duplicate email address from Directory Synchronization Error Report, please run this command. If you don’t know how to get duplicate email address from Directory Synchronization Error Report, please refer to “How to get Duplicate Email Address from Directory Synchronization Error Report” in this documentation.
    Export-OSCADObjectEmailAddress -EmailAddress "jdoe@corp.contoso.com" -Path .\outputs.csv

    b) If you have an OnRamp autocheck results file, please run this command.
    Import-Csv .\OnRamp_Duplicates.txt -Delimiter `t | ?{$_.AttributeName -match "mail|proxyaddresses|targetaddress"} | Select-Object -ExpandProperty Value -Unique | Export-OSCADObjectEmailAddress -Path .\outputs.csv
  5. When you get the output file, make a copy of this file and rename it with a new name, for example, inputs.csv. Then set the original output file as read-only. You can use the original output file to restore the old values of object attributes in case something goes wrong.
  6. Refer to “How to Edit the Input File” in this documentation for the steps to edit the input file.
  7. Run the following command to import new object email address.
    Import-OSCADObjectEmailAddress -Path .\inputs.csv

The following procedure describes how to roll back the changes by using this script.

  1. Run Import-Module cmdlet to import this module file.
    Import-Module filepath\FixDuplicateMailAddresses.psm1
  2. Run the following command to import the original values of attributes.
    Import-OSCADObjectEmailAddress -Path .\outputs.csv

Note

Running the scripts should be possible from any domain joined PC running Win7, Server 2008, or above.  .NET Framework including PowerShell is the desired interface.  We suggest you run these scripts logged on as a user that is a member of Enterprise administrators group or with sufficient permission to modify objects in all domains in the forest.

The output file contains an objectGUID column. The objectGUID attribute value of an Active Directory object is converted to a Base64 string in this column. It can help you to determine the account(s) that did not sync.  Match the objectGUID from the Directory Synchronization Error Report mail with the object returned in outputs.csv.

If you receive following error message, please change the execution policy to Unrestricted by running this command Set-ExecutionPolicy Unrestricted.
“Import-Module: File path\scriptname.psm1 cannot be loaded because running scripts is disabled on this system. For more information, see about_Execution_Policies at http://go.microsoft.com/fwlink/?LinkID=135170.”

How to Get Duplicate Email Address from Directory Synchronization Error Report

Office 365 Administrators may receive a Directory Synchronization Error Report that contains following table. In error description, you can find the attributes with duplicate email address in this format “AttributtName ProtocolName:Email Address”. In this example, ProxyAddresses is the attribute name. SMTP is the protocol name. jdoe@contoso.onmicrosoft.com is the duplicate email address that is required by Export-OSCADObjectEmailAddress.
 The following errors occurred during synchronization:

Identity

Error Description

On-premises object ID

John Doe

Unable to update this object because the following attributes  associated with this object have values that may already be associated with  another object in your local directory services: ProxyAddresses SMTP:jdoe@contoso.onmicrosoft.com;.  Correct or remove the duplicate values in your local directory. Please refer  to http://support.microsoft.com/kb/2647098  for more information on identifying objects with duplicate attribute values.

AIQwHQkEh0CPbndzfrBSNQ==

 

How to Edit the Input File

After running Export-OSCADObjectEmailAddress, you can make a copy of the output file and rename it with a new name, for example, inputs.csv. Then you can open the input file with Notepad. It is because that the DistinguishedName column may contain a long text, you need to turn off word wrap. Here is an example of the input file.

In this example, you need to remove the duplicate email address “smtp:jdoe@corp.contoso.com” from ProxyAddresses column. Please pay attention that proxyAddresses is a multi-valued attribute. So each email address is enclosed by a single quotation mark (') and separated by a space. You should carefully remove the duplicated email address. Otherwise, an error will occur when importing this file by using Import-OSCADObjectEmailAddress.

Here is the input file after removing the duplicate email address.

 

Script Introduction

This script contains the following function:

Here are some code snippets for your references. 

PowerShell
Edit|Remove
if ($Credential-ne $null) { 
    $networkCred = $Credential.GetNetworkCredential() 
    $ldapDirectoryIdentifier = New-Object System.DirectoryServices.Protocols.LdapDirectoryIdentifier($targetDomainFqdn, 3268) 
    $ldapConnection = New-Object System.DirectoryServices.Protocols.LdapConnection($ldapDirectoryIdentifier,$networkCred) 
} else { 
    $ldapDirectoryIdentifier = New-Object System.DirectoryServices.Protocols.LdapDirectoryIdentifier($targetDomainFqdn, 3268) 
    $ldapConnection = New-Object System.DirectoryServices.Protocols.LdapConnection($ldapDirectoryIdentifier) 
} 

 

Additional Resources

Technical Resources:
Windows PowerShell Advanced Function
System.DirectoryServices.Protocols Namespace
Appendix F Directory Object Preparation
Duplicate or invalid attributes prevent Office 365 directory synchronization
How to Use PowerShell to Fix Duplicate Email Addresses for On-Premises Mail-Enabled Objects