DirSync – Duplicate AD objects on-premises

Issue:

  1. Some AD users are not able to sync to Office 365
  2. The problem was due to an earlier incident in which a Domain Controller was corrupted
  3. The accounts in Office 365 are somehow syncing from the AD objects of the corrupted DC

Investigation:

  1. PowerShell was used to retrieve the ObjectGUID for the affected accounts and compare it against the Office 365 accounts
  2. It was confirmed that the ObjectGUIDs did not match

Resolution:

  1. Configure the DirSync Active Directory management agent to stop sync for the affected users (OU or Attribute based filtering)
  2. Perform a Full Sync
  3. In Office 365, run a PowerShell script to delete the affected accounts, which are now cloud users rather than synced users
  4. In the Office 365 Deleted Users list, run a PowerShell script to purge the deleted accounts
  5. Configure the DirSync AD agent again to include the affected users
  6. Perform a Full Sync
  7. Perform a comparison with Office 365 and AD using the ImmutableID attribute.

The ImmutableID must match between AD and Office 365, and the accounts should now be able to sync properly.
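One way to carry out the ObjectGUID / ImmutableID comparison used in the investigation and in resolution step 7, as an added PowerShell example that is not part of the original post. It assumes the ActiveDirectory and MSOnline modules are installed and that Connect-MsolService has already been run; the UPNs at the bottom are constructed placeholders.

```powershell
# Added example (not from the original post): compare each user's on-premises
# ObjectGUID with the ImmutableId stored in Office 365 and report the result.
Import-Module ActiveDirectory
Import-Module MSOnline   # Connect-MsolService is assumed to have been run already

function Get-ImmutableIdFromGuid {
    param([Parameter(Mandatory)][Guid]$ObjectGuid)
    # DirSync's default source anchor is the base64 encoding of the 16 raw
    # ObjectGUID bytes; this is the value Office 365 stores as ImmutableId.
    [Convert]::ToBase64String($ObjectGuid.ToByteArray())
}

function Get-GuidFromImmutableId {
    param([Parameter(Mandatory)][string]$ImmutableId)
    # Reverse direction: decode the cloud anchor back to a GUID so a stale
    # anchor left over from the corrupted DC can be identified.
    [Guid]([Convert]::FromBase64String($ImmutableId))
}

function Compare-SyncAnchor {
    param([Parameter(Mandatory)][string[]]$UserPrincipalName)
    foreach ($upn in $UserPrincipalName) {
        $adUser   = Get-ADUser -Filter "UserPrincipalName -eq '$upn'"
        $msolUser = Get-MsolUser -UserPrincipalName $upn -ErrorAction SilentlyContinue
        $expected = if ($adUser)   { Get-ImmutableIdFromGuid $adUser.ObjectGUID } else { $null }
        $actual   = if ($msolUser) { $msolUser.ImmutableId } else { $null }

        # A cloud user that was never synced (or was converted to cloud-only,
        # as in step 3 of the resolution) carries no ImmutableId at all.
        $status = if (-not $adUser)              { 'MissingInAD' }
                  elseif (-not $msolUser)        { 'MissingInO365' }
                  elseif (-not $actual)          { 'CloudOnly' }
                  elseif ($expected -eq $actual) { 'Match' }
                  else                           { 'Mismatch' }

        [pscustomobject]@{
            UserPrincipalName   = $upn
            ADObjectGUID        = if ($adUser) { $adUser.ObjectGUID } else { $null }
            ExpectedImmutableId = $expected
            CloudImmutableId    = $actual
            CloudGuid           = if ($actual) { Get-GuidFromImmutableId $actual } else { $null }
            Status              = $status
        }
    }
}

# Constructed placeholder UPNs; replace with the affected accounts.
Compare-SyncAnchor -UserPrincipalName 'user1@contoso.com', 'user2@contoso.com' |
    Format-Table -AutoSize
```

Run it before step 1 to record the stale anchors, and again after step 6 to confirm every affected account reports Match.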
