Troubleshooting #FIM2010: The Office 365 MA Connector export cycle has stopped. Object with DN CN={1234567890AABBCCDDEEFFGGHGGFFEEDDCCBBAA987654321} failed validation for the following attributes: member.

 

Event Viewer

Log Name: Application Source: Directory Synchronization Date: 32/13/2015 4:48:55 AM Event ID: 107 Task Category: None Level: Error Keywords: Classic User: N/A Computer: <servername />.<domain />.<root /> Description: The Office 365 MA Connector export cycle has stopped. Object with DN CN={1234567890AABBCCDDEEFFGGHGGFFEEDDCCBBAA987654321} failed validation for the following attributes: member. Please refer to documentation for information on object attribute validation. Event Xml: <Event xmlns=”http://schemas.microsoft.com/win/2004/08/events/event”&gt; <System> <Provider Name=”Directory Synchronization” /> <EventID Qualifiers=”0″>107</EventID> <Level>2</Level> <Task>0</Task> <Keywords>0x80000000000000</Keywords> <TimeCreated SystemTime=”2015-13-32T03:48:55.000000000Z” /> <EventRecordID>994163</EventRecordID> <Channel>Application</Channel> <Computer><servername />.<domain />.<root /></Computer> <Security /> </System> <EventData> <Data>The Office 365 MA Connector export cycle has stopped. Object with DN CN={1234567890AABBCCDDEEFFGGHGGFFEEDDCCBBAA987654321} failed validation for the following attributes: member. Please refer to documentation for information on object attribute validation.</Data> </EventData> </Event>

Root Cause

There is a technical limit of 15000 members, that the Office 365 management
agent can support.

Solutions

1. Keeping member numbers under 15000

• Eg. splitting groups

2. Migrating your O365 connector to AADSync

 

Additional info

Prepare for directory synchronization:
https://msdn.microsoft.com/en-us/library/azure/jj151831.aspx

Sources for #AADSync starters

I’ve collected some interesting base resources for getting started with AAD Sync at : http://aka.ms/aadsyncstarter

Feel free to comment or suggest other resources to be added.

#AADSync v1.0.0470.1023 released, with new features

Few days ago Microsoft launched a new release of the Azure AD Sync tool.

As mentioned in the AAD Sync Version Release History, this build adds the following features:

• Password synchronization from multiple on-premise AD to AAD
• Localized installation UI to all Windows Server languages

Get an overview and comparison for Directory Integration with Azure AD here .

1. Azure Active Directory Synchronization Tool (DirSync)
2. Azure Active Directory Synchronization Services (AAD Sync)
3. Forefront Identity Manager 2010 R2

The download location for AADSync (http://aka.ms/AADSyncDownload) has not changed, but has been updated with the new version.

Overview:

• Directory Integration Tools: http://msdn.microsoft.com/en-us/library/azure/dn757582.aspx
• AAD Sync Version Release History: http://msdn.microsoft.com/en-us/library/azure/dn835004.aspx

Note-to-Self: Microsoft Security Newsletter September 2014

Source: http://aka.ms/MSSecuritynewsletter

In this months newletter you’ll find guidance on:

• Windows Phone 8.1 Security Overview
• Windows Phone Security Forum for IT Pros
• Create Stronger Passwords and Protect Them
  • Inlcuding  free online tool offered by Microsoft Research, called Telepathwords, for those that would rather have a randomly generated strong password created for them.
• Two-Factor Authentication for Office 365
• Multi-Factor Authentication for Office 365
• Configuring Two-Factor Authentication in Lync Server 2013
• Adding Multi-Factor Authentication to Azure Active Directory
• Enabling Multi-Factor Authentication for On-Premises Applications and Windows Server
• Building Multi-Factor Authentication into Custom Apps

And:

• Get Started with Virtual Smart Cards

Plus much more… check it out at http://aka.ms/MSSecuritynewsletter

Azure Active Directory Sync is now GA! #FIM2010 #DirSync #AADSync

Source: http://blogs.technet.com/b/ad/archive/2014/09/16/azure-active-directory-sync-is-now-ga.aspx

New Azure Active Directory Synchronization Services (AAD Sync) has reached general availability.

Here are more details about this – and here is the related documentation.

If you just want to get started, just click here to download AAD Sync.

As discussed on the release blog post:

“AAD Sync capabilities in this release include the following;

• Active Directory and Exchange multi-forest environments can be extended now to the cloud.
• Control over which attributes are synchronized based on desired cloud services.
• Selection of accounts to be synchronized through domains, OUs, etc.
• Ability to set up the connection to AD with minimal Windows Server AD privileges.
• Setup synchronization rules by mapping attributes and controlling how the values flow to the cloud.
• Preview AAD Premium password change and reset to AD on-premises.”

First beta release of #AADSync

The pre-release program of Azure AD Sync on Connect has been updated with the first beta release of AADSync.

The beta release is available on Connect from this link:

https://connect.microsoft.com/site433/Downloads/DownloadDetails.aspx?DownloadID=53361

Make sure to read the updated installation guide and release notes available on TechNet:

http://go.microsoft.com/fwlink/?LinkID=393942

As requested by the PG, please continue to provide feedback through Connect. This allows MS to deliver a high-quality product which is solving your scenarios.

New Azure AD Sync (#AADSync) documentation set launched on #TNWiki

Markus just launched a fresh new set of documents on the new Azure AD Sync (AADSync) tool on TechNet Wiki.

You can find them at this short link: http://aka.ms/AADSync

 

Check them out and bookmark the short link.