Here is the issue….
You run a delta sync however notice that some users are not created successfully. Next you check the AAD Connect server and find that 1 or more users are failling to sync, and present the error: “the object located by DN is a phantom”. As far as behavior, when your in the MIIS Client, you can run a metaverse search for the user, and see the object there. As a result you feel that on premise Active Directory is fine, but Microsoft servers is the issue. Well, not this time.
I have found that a common cause of this is that the O365 connector space is out of sync. This means the backend database that contains a shadow copy of the synced attributes is out of sync with its target. In this case the O365 Connector is out of sync with the objects in MSO. To resolve this error we will need to clear out the corrupt connector space with the phantom objects then run a full sync to re-sync the objects from On-Premise. The connector space holds a shadow copy of the user attributes, therefore we will not be affecting any end users.
Steps to resolve are as follows:
First run this cmdlet and verify that that the user is not syncing and there is no cloud presense.
- Get-msoluser -searchstring firstname.lastname@example.org | fl
- If you are truly in this scenario, the results of this cmdlet will come back empty.
- Open AAD Connect and select the management agents.
- Right-Click on your Windows Azure Active Directory Connector and select Delete.
- Delete the connector space ONLY from the specific connector.
- Right Click on the connector again, and run a full import on that specific connector space.
- Run a full sync on that connector space.
- Run a delta Sync to sync objects.
- Confirm the object is in O365.