Recently, we had an issue where four specific users would not sync into Azure AD. There were no noticeable differences in attributes between these users and ones that were working.
Compounding the issue was a rather unhelpful error message:
The cause of the error is not clear. This operation will be retried during the next synchronization. If the issue persists, contact Technical Support
With a little help from Microsoft support, we were able to resolve the issue using the following steps:
- First, create a new user in Office 365 with a default domain UPN (e.g. org.onmicrosoft.com)
- Get the user's ObjectGUID from AD
- Set the ImmutableID attribute on the new account to be the ObjectGUID of the AD account
- Run a delta sync or wait for next scheduled sync. At this point, the AD user will be joined with the Azure user account, and the user's attributes will be updated appropriately.
For example, if you receive the following error in an email:
The cause of the error is not clear. This operation will be retried during the next synchronization. If the issue persists, contact Technical Support.
You can use the following PowerShell command to resolve the issue:
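One way to script the four steps above, as an added example rather than the original post's command. It assumes the MSOnline and ActiveDirectory modules, the default objectGUID source anchor (ImmutableID is then the Base64 encoding of the GUID's 16 bytes), and placeholder account names.

```powershell
# Added example. The account names below are placeholders, not values from the post.
Import-Module ActiveDirectory
Import-Module MSOnline

$SamAccountName = 'jdoe'                      # placeholder: on-prem user that fails to sync
$CloudUpn       = 'jdoe@org.onmicrosoft.com'  # placeholder: default-domain UPN
$DisplayName    = 'J Doe'                     # placeholder

Connect-MsolService

# Step 1: create the cloud user on the default domain, unless it already exists.
$cloudUser = Get-MsolUser -UserPrincipalName $CloudUpn -ErrorAction SilentlyContinue
if (-not $cloudUser) {
    $cloudUser = New-MsolUser -UserPrincipalName $CloudUpn -DisplayName $DisplayName
}
elseif ($cloudUser.ImmutableId) {
    # An existing anchor means this cloud account is already tied to a directory
    # object; overwriting it would re-point the account at a different AD user.
    throw "$CloudUpn already has ImmutableId '$($cloudUser.ImmutableId)'; not overwriting."
}

# Step 2: read the ObjectGUID of the on-prem account.
$adUser = Get-ADUser -Identity $SamAccountName -Properties ObjectGUID

# Step 3: Azure AD stores the anchor as Base64 of the raw GUID bytes,
# not as the dashed GUID string shown in AD tools.
$immutableId = [System.Convert]::ToBase64String($adUser.ObjectGUID.ToByteArray())

# Refuse to continue if another cloud account already carries this anchor.
$clash = Get-MsolUser -All | Where-Object { $_.ImmutableId -eq $immutableId }
if ($clash) {
    throw "ImmutableId already in use by $($clash.UserPrincipalName)."
}

Set-MsolUser -UserPrincipalName $CloudUpn -ImmutableId $immutableId
Write-Output "Set ImmutableId $immutableId on $CloudUpn"

# Step 4: run on the Azure AD Connect server (ADSync module), or wait for
# the next scheduled sync cycle.
Start-ADSyncSyncCycle -PolicyType Delta
```

Because setting ImmutableID decides which on-prem account takes over the cloud account at the next sync, confirm the cloud account is the newly created one and holds no admin roles before running step 3.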
Credit goes to Cameron Duck for the troubleshooting process and coming up with these resolution steps.