In order to make a successful migration to Office 365 you need to resolve any issues with your Active Directory data. Microsoft has created the tool IdFix to help you identify issues. You can download it here.
This post will look specifically at the Duplicate Error as reported by the IdFix tool. What is it and how do we fix it?
Identifying the IdFix Duplicate Error
After running the IdFix tool for the first time you may see a lot of errors in your environment. The best approach is to fix one error type at a time.
If you have any Duplicate Errors in IdFix it will look like this:
The problem with the IdFix Duplicate Error is that two or more objects are configured with similar values in an attribute, typically the proxyAddresses attribute. The problem may be between two user objects or between different types of mail enabled objects, e.g. a distribution group and a user object.
This error potentially affects successful delivery of emails so it’s definitely something you’d want to resolve asap.
Fixing the IdFix Duplicate Error
To fix the issue you should reconfigure or remove one of the duplicate proxyAddresses values. You can edit the proxyAddresses attribute directly using the IdFix tool:
After modifying the conflicting attribute, select the EDIT Action and click Apply. The Action status will change to COMPLETED and on the next query the objects with the duplicate error are gone.
Fixing the Rest
The duplicate error is just one out of several error types reported by the IdFix tool. Other types of errors seen in the IdFix tool are seen in the below table:
IdFix Errors
| Error Name | Error Description |
|---|---|
| character | Use of invalid characters in attribute |
| duplicate | Duplicate values used on attribute on two or more objects |
| format | Use of invalid format in attribute |
| topleveldomain | Use of non-routable top level domain in mail address (usually domain.local) |
| domainpart | Use of invalid domain part – right hand side of email address is not RFC 2822 compliant (e.g. user@domain#1.com) |
| domainpart_localpart | Use of invalid local part – left hand side of email address if not RFC 2822 compliant (e.g. user”1@domain.com) |
| length | Attribute value exceeds allowed length |
| blank | Attribute is empty when it should have a value |
| mailmatch | Attribute does not match the mail value (Office 365 Dedicated only) |
Some of the above errors may call for generic fixing using PowerShell. Check out this post for an example on how to fix topleveldomain issues affecting a large number of mail enabled objects.
Make sure to fix them all before you start your Active Directory to Azure AD migration.