0

DirSync Error 87 – The parameter Is Incorrect

DirSync in one of my O365 test labs started to complain that there were some issues with objects synching to Windows Azure Active Directory (WAAD).  EventID  0 was logging into the application event log, and stated:  “The Management Agent ‘Active Directory Connector’ reported  errors on execution”.

Dirsync Management Agent Reported Errors on Execution

This is a an Exchange 2010 SP3 RU 7 based hybrid solution.  Exchange 2013 is not present.  DirSync is build 6765.  The installed components on the DirSync server are shown below:

DirSync Version 1.0.6765

Opening up MIISClient.exe application from “C:Program FilesWindows Azure Active Directory SyncSYNCBUSSynchronization ServiceUIShell”  showed that there were errors reported  from the Active Directory Connector when is was performing an export.  As we can see in the below screenshot the object with the issue was User-1@tailspintoys.ca.  This is a hybrid configuration where the user object exists in AD, and the mailbox was moved to Office 365.

The reported error is “cd-error”.

Reviewing Errors in Synchronisation Service Manager

Clicking on the error in the bottom right pane, showed some additional information.  This has failed 228 times, with the data source error of “The parameter is incorrect”.  So something is going wrong when we try and update this user object.

DirSync Error The Parameter Is Incorrect

Since it is the export portion of the workflow that is reporting the error, let’s look at the “Export In Progress” tab.  To make it easier to see what is happening, I have clicked onto the changes button to sort the column.  This is highlighted in the red box.  We can now see that we are trying to add the msExchUserHold attribute to the on-premises user object.

DirSync Error The Parameter Is Incorrect - Due to msExchuserHold

Write-Back Attributes

In the above error, we can see that DirSync is trying to write an attribute to the on-premises user object.  This is part of the write-back attributes that are listed on the TechNet Wiki.

Write-Back Attribute

Exchange Purpose

msExchArchiveStatus Online Archive: Enables customers to archive mail.
msExchUCVoiceMailSettings Enable Unified Messaging (UM) – Online voice mail: This new attribute is used only for UM-Microsoft Lync Server 2010 integration to indicate to Lync Server 2010 on-premises that the user has voice mail in online services.
msExchUserHoldPolicies Litigation Hold: Enables cloud services to determine which users are under Litigation Hold.
ProxyAddresses (LegacyExchangeDN <online LegacyDn> as X500)
Enable Mailbox: Offboards an online mailbox back to on-premises Exchange.
PublicDelegates Cross-premises Public Delegation: Enables users to specify delegates for their mailbox.
SafeSendersHash
BlockedSendersHash
SafeRecipientHash
Filtering: Writes back on-premises filtering and online safe and blocked sender data from clients.

The msExchUserHoldPolicies attribute was not present in Exchange 2010 or Wave 14 of Office 365, it was added with Exchange 2013.

DirSync Attributes

If we look at how DirSync maps the Office 365 object attributes to the AD object, we can see how the attributes flow.  The below screenshot is again from the Active Directory Connector.  Note that we are looking at the “Configure Attribute Flow” portion, and the red box at the top highlights the 7 write-back attributes.  The focus is placed on the msExchUserHoldPolicies attribute.

DirSync Attribute Mapping

Looking at an Exchange 2010 Mailbox in an Exchange 2010 organisation, we can use the attributes editor tab in recent versions of DSA.msc to see the attributes.  if the attributes editor tab is missing, then select advanced features on the view menu.

The user object on the left (user-1) is the user object we were looking at above.  Note that there is no msExchUserHoldPolicies attribute.  The user on the right (2010-2) is an Exchange 2010 mailbox which exists in organisation that has also deployed Exchange 2013.  Thus the AD schema was extended for Exchange 2013, and the msExchuserHoldPolicies attribute was added to the schema.

Exchange 2010 Mailbox AttributesExchange 2010 Mailbox Attributes With Exchange 2013 Schema

Upgrading the schema so that the Exchange 2013 attributes would make this go away, but do I really have to do that if there are no immediate plans to deploy Exchange 2013?

Note that way back at the start I mentioned that DirSync 6765 was installed.  TechNet wiki lists the different DirSync buildsTechNet wiki lists the different builds, and we can see that this is an out-dated version.  There are currently 4 newer builds available since 6765 was released on the 18th of April 2014.  7020 was released on the 31st July 2014.

 

Upgrading DirSync

Once DirSync has been updated, let’s see what happens…

 

DirSync Updated To Build 7020

 

DirSync Upgraded

 

 

After running a Full Sync

image

We note that User-1 has been updated.

image

The Attribute flow is shown here:

image

 

Not listed as a prereq to Hybrid Deployment – http://technet.microsoft.com/en-us/library/hh534377(v=exchg.150).aspx

The following article lists the issues that you might encounter if you disable RichCoexistence: http://support.microsoft.com/kb/2406830

 

The updated build now reviews the version of Exchange and the tenant to make the appropriate rules as shown below:

 

image

 

image

 

Cheers,

Rhoderick

Rhoderick Milne [MSFT]

Leave a Reply

Your email address will not be published. Required fields are marked *