Troubleshooting #FIM2010: The Office 365 MA Connector export cycle has stopped. Object with DN CN={1234567890AABBCCDDEEFFGGHGGFFEEDDCCBBAA987654321} failed validation for the following attributes: member.

 

Event Viewer

Log Name: Application
Source: Directory Synchronization
Date:
32/13/2015 4:48:55 AM
Event ID: 107
Task Category: None
Level:
Error
Keywords: Classic
User: N/A
Computer: <servername
/>.<domain />.<root />
Description:
The Office 365 MA Connector
export cycle has stopped. Object with DN
CN={1234567890AABBCCDDEEFFGGHGGFFEEDDCCBBAA987654321} failed validation
for the following attributes: member. Please refer to documentation for
information on object attribute validation.
Event Xml:
<Event
xmlns=”http://schemas.microsoft.com/win/2004/08/events/event”&gt;

<System>
<Provider Name=”Directory Synchronization” />
<EventID
Qualifiers=”0″>107</EventID>
<Level>2</Level>
<Task>0</Task>

<Keywords>0x80000000000000</Keywords>
<TimeCreated
SystemTime=”2015-13-32T03:48:55.000000000Z” />

<EventRecordID>994163</EventRecordID>
<Channel>Application</Channel>

<Computer><servername />.<domain />.<root /></Computer>
<Security />

</System>
<EventData>
<Data>The Office 365 MA Connector export
cycle has stopped. Object with DN
CN={1234567890AABBCCDDEEFFGGHGGFFEEDDCCBBAA987654321} failed validation
for the following attributes: member. Please refer to documentation for
information on object attribute validation.</Data>
</EventData>

</Event>

Root Cause

There is a technical limit of 15000 members, that the Office 365 management
agent can support.

Solutions

1. Keeping member numbers under 15000

  • Eg. splitting groups

2. Migrating your O365 connector to AADSync

 

Additional info

Prepare for directory synchronization:
https://msdn.microsoft.com/en-us/library/azure/jj151831.aspx

#AADSync v1.0.0470.1023 released, with new features

Few days ago Microsoft launched a new release of the Azure AD Sync tool.

As mentioned in the AAD Sync Version Release History, this build adds the following features:

  • Password synchronization from multiple on-premise AD to AAD
  • Localized installation UI to all Windows Server languages

Get an overview and comparison for Directory Integration with Azure AD here .

  1. Azure Active Directory Synchronization Tool (DirSync)
  2. Azure Active Directory Synchronization Services (AAD Sync)
  3. Forefront Identity Manager 2010 R2

The download location for AADSync (http://aka.ms/AADSyncDownload) has not changed, but has been updated with the new version.

Overview:

Note-to-Self: Microsoft Security Newsletter September 2014

Source: http://aka.ms/MSSecuritynewsletter

In this months newletter you’ll find guidance on:

  • Windows Phone 8.1 Security Overview
  • Windows Phone Security Forum for IT Pros
  • Create Stronger Passwords and Protect Them
    • Inlcuding  free online tool offered by Microsoft Research, called Telepathwords, for those that would rather have a randomly generated strong password created for them.
  • Two-Factor Authentication for Office 365
  • Multi-Factor Authentication for Office 365
  • Configuring Two-Factor Authentication in Lync Server 2013
  • Adding Multi-Factor Authentication to Azure Active Directory
  • Enabling Multi-Factor Authentication for On-Premises Applications and Windows Server
  • Building Multi-Factor Authentication into Custom Apps

And:

  • Get Started with Virtual Smart Cards

Plus much more… check it out at http://aka.ms/MSSecuritynewsletter

Azure Active Directory Sync is now GA! #FIM2010 #DirSync #AADSync

Source: http://blogs.technet.com/b/ad/archive/2014/09/16/azure-active-directory-sync-is-now-ga.aspx

New Azure Active Directory Synchronization Services (AAD Sync) has reached general availability.

Here are more details about this – and here is the related documentation.

If you just want to get started, just click here to download AAD Sync.

As discussed on the release blog post:

“AAD Sync capabilities in this release include the following;

  • Active Directory and Exchange multi-forest environments can be extended now to the cloud.
  • Control over which attributes are synchronized based on desired cloud services.
  • Selection of accounts to be synchronized through domains, OUs, etc.
  • Ability to set up the connection to AD with minimal Windows Server AD privileges.
  • Setup synchronization rules by mapping attributes and controlling how the values flow to the cloud.
  • Preview AAD Premium password change and reset to AD on-premises.”

First beta release of #AADSync

The pre-release program of Azure AD Sync on Connect has been updated with the first beta release of AADSync.

The beta release is available on Connect from this link:

https://connect.microsoft.com/site433/Downloads/DownloadDetails.aspx?DownloadID=53361

Make sure to read the updated installation guide and release notes available on TechNet:

http://go.microsoft.com/fwlink/?LinkID=393942

As requested by the PG, please continue to provide feedback through Connect. This allows MS to deliver a high-quality product which is solving your scenarios.

New Azure AD Sync (#AADSync) documentation set launched on #TNWiki

Markus just launched a fresh new set of documents on the new Azure AD Sync (AADSync) tool on TechNet Wiki.

You can find them at this short link: http://aka.ms/AADSync

 

Check them out and bookmark the short link.