Skip to main content

Azure AD Connect Synchronization Service Manager shows the status completed-export-errors. However, when we want to look into the details, we only find that it shows the export error dn-attributes-failure. In this article, you will learn why this is happening and the solution for the export error dn-attributes-failure in Azure AD Connect Synchronization Services.

Error dn-attributes-failure

To find the export error dn-attributes-failure in Azure AD Connect, follow these steps:

  1. Sign in to the Azure AD Connect server
  2. Start Synchronization Service Manager
  3. Click on the tab Operations
  4. Click in the list on completed-export-errors
  5. Click on the Export Error
AAD Connect sync dn-attributes-failure

In our example, the security group SG_Azure_A is pending export and can’t update successfully.

dn-attributes-failure pending export

The Export Error tab only shows the error: dns-attributes-failure, nothing more.

dn-attributes-failure export error

Solution for dn-attributes-failure

While we go back to the Synchronization Service Manager and look into the Export Errors, we also see the error DataValidationFailed.

The solution is to address the DataValidationFailed export errors first. After that, you don’t have to do anything for the dn-attributes-failure export errors, and it will automatically resolve.

In our example, the security group SG_Azure_A got members with invalid characters. Once we fix that, the group can update, and the dn-attribute-failure export error will not appear anymore.

AAD Connect sync DataValidationFailed

The best to check and address the DataValidationFailed export errors is with the IdFix tool.

Run IdFix tool

Go through the article IdFix – Directory synchronization error remediation tool and fix all the AD objects that show up with an error.

This is how it looks when querying the Active Directory on-premises with IdFix.

dn-attributes-failure IdFix before

This is how it looks after fixing the AD objects and querying.

dn-attributes-failure IdFix after

Force Azure AD sync

Force a delta sync with PowerShell on the AD Connect server.

PS C:\> Start-ADSyncSyncCycle -PolicyType Delta


Verify Azure AD Connect sync status

Six steps will happen when you apply a synchronization, and they all will show the success status.

AAD Connect sync success

Everything looks great!

Leave a Reply