Azure AD Connect sync export error dn-attributes-failure

Azure AD Connect Synchronization Service Manager shows the status completed-export-errors. However, when we want to look into the details, we only find that it shows the export error dn-attributes-failure. In this article, you will learn why this is happening and the solution for the export error dn-attributes-failure in Azure AD Connect Synchronization Services.

Table of contents

Error dn-attributes-failure

To find the export error dn-attributes-failure in Azure AD Connect, follow these steps:

  1. Sign in to the Azure AD Connect server
  2. Start Synchronization Service Manager
  3. Click on the tab Operations
  4. Click in the list on completed-export-errors
  5. Click on the Export Error
AAD Connect sync dn-attributes-failure

In our example, the security group SG_Azure_A is pending export and can’t update successfully.

dn-attributes-failure pending export

The Export Error tab only shows the error: dns-attributes-failure, nothing more.

dn-attributes-failure export error

Solution for dn-attributes-failure

While we go back to the Synchronization Service Manager and look into the Export Errors, we also see the error DataValidationFailed.

The solution is to address the DataValidationFailed export errors first. After that, you don’t have to do anything for the dn-attributes-failure export errors, and it will automatically resolve.

In our example, the security group SG_Azure_A got members with invalid characters. Once we fix that, the group can update, and the dn-attribute-failure export error will not appear anymore.

AAD Connect sync DataValidationFailed

The best to check and address the DataValidationFailed export errors is with the IdFix tool.

Run IdFix tool

Go through the article IdFix – Directory synchronization error remediation tool and fix all the AD objects that show up with an error.

This is how it looks when querying the Active Directory on-premises with IdFix.

dn-attributes-failure IdFix before

This is how it looks after fixing the AD objects and querying.

dn-attributes-failure IdFix after

Force Azure AD sync

Force a delta sync with PowerShell on the AD Connect server.

PS C:\> Start-ADSyncSyncCycle -PolicyType Delta

Result
------
Success

Verify Azure AD Connect sync status

Six steps will happen when you apply a synchronization, and they all will show the success status.

AAD Connect sync success

Everything looks great!

Read more: Upgrade Azure AD Connect »

Conclusion

You learned why the export error dn-attributes-failure appears. The solution is to run ldFix tool and fix all the issues. After that, Azure AD Connect will synchronize all AD objects, and no more error appears.

Did you enjoy this article? You may also like Create AD DS Connector account. Don’t forget to follow us and share this article.

ALI TAJRAN

ALI TAJRAN

ALI TAJRAN is a passionate IT Architect, IT Consultant, and Microsoft Certified Trainer. He started Information Technology at a very young age, and his goal is to teach and inspire others. Read more »

X TwitterLinkedIn

What Others Are Reading

This Post Has 0 Comments

Leave a Reply

Your email address will not be published. Required fields are marked *