During a directory synchronization, the DSA (Directory Synchronization Agent) never goes into Delta mode, and the following error is displayed within the DSA.log file, as well as the DSA event viewer:
"Common Error 0xe1000010. Attribute extensionAttribute15 not found in object"
Duplicate entries for ExtensionAttribute 15 found within the target environment. This can happen if newly created accounts are copied, rather then created.
To identify the accounts that have duplicate values, from a command window on the Migration Manager console run the following command:
dsquery * -attr extensionAttribute15 name -filter (extensionAttribute15=*) > c:\filename.txt
This will output a file. This file will contain a listing of all accounts that have the extensionaAttribute 15 populated, and the values.
This file should be examined for any matching values. The one easy way to do this is to open the .txt file within Microsoft Excel and sort by the ExtensionAttribute 15 column.
Once the matches are determined the DSA should be stopped, and these accounts should be cleaned of the service attributes for Migration Manager (default ExtensionAttribute 14 and 15).
Start the DSA with the full resync mode, the sync should now complete correctly and no more errors should be logged within the logs and event viewer.
1. If different attributes are being used as the service attributes then the error may list the atttribute that is duplicated, rather then ExtensionAttribute 15**
2. There is a limitation of Dsquery results, the default value is 100.
If a message is received "Dsquery has reached the specified limit on number of results to display; use a different value for the -limit option to display more results"; modify the command parameters and increase the limit, the syntax could be eg:
dsquery * -limit 5000 -attr extensionAttribute15 name -filter (extensionAttribute15=*) > c:\filename.txt
Waiting for fix in a future release of Migration Manager for AD. CR0178782 was created for this issue, which requests a change in logging to identify the accounts by name within the DSA.log and event log.
In order to ensure that the attribute is not copied when copying a user, the following can be performed:
That would ensure that even if users populated with service attributes are copied as templates, the service attribute value will not be copied, thus the whole problem avoided. *
If you use the AD Schema snap-in and you modify incorrect details, you can cause serious problems and impact AD replication and AD schema. Please ensure to follow the correct instructions and modify these changes at your own risk. For more details on possible impact please refer to available Microsoft articles.