IdFix Duplicate Error

IdFix Duplicate Error message

In order to make a successful migration to Office 365 you need to resolve any issues with your Active Directory data. Microsoft has created the tool IdFix to help you identify issues. You can download it here.

This post will look specifically at the Duplicate Error as reported by the IdFix tool. What is it and how do we fix it?

Identifying the IdFix Duplicate Error

After running the IdFix tool for the first time you may see a lot of errors in your environment. The best approach is to fix one error type at a time.

If you have any Duplicate Errors in IdFix it will look like this:

IdFix Duplicate Error message

The problem with the IdFix Duplicate Error is that two or more objects are configured with similar values in an attribute, typically the proxyAddresses attribute. The problem may be between two user objects or between different types of mail enabled objects, e.g. a distribution group and a user object.

This error potentially affects successful delivery of emails so it’s definitely something you’d want to resolve asap.

Fixing the IdFix Duplicate Error

To fix the issue you should reconfigure or remove one of the duplicate proxyAddresses values. You can edit the proxyAddresses attribute directly using the IdFix tool:

Fixing duplicate error with IdFix tool

After modifying the conflicting attribute, select the EDIT Action and click Apply. The Action status will change to COMPLETED and on the next query the objects with the duplicate error are gone.

Fixing the Rest

The duplicate error is just one out of several error types reported by the IdFix tool. Other types of errors seen in the IdFix tool are seen in the below table:

IdFix Errors

Error NameError Description
characterUse of invalid characters in attribute
duplicateDuplicate values used on attribute on two or more objects
formatUse of invalid format in attribute
topleveldomainUse of non-routable top level domain in mail address (usually domain.local)
domainpartUse of invalid domain part – right hand side of email address is not RFC 2822 compliant (e.g.
domainpart_localpartUse of invalid local part – left hand side of email address if not RFC 2822 compliant (e.g. user”
lengthAttribute value exceeds allowed length
blankAttribute is empty when it should have a value
mailmatchAttribute does not match the mail value (Office 365 Dedicated only)

Some of the above errors may call for generic fixing using PowerShell. Check out this post for an example on how to fix topleveldomain issues affecting a large number of mail enabled objects.

Make sure to fix them all before you start your Active Directory to Azure AD migration.