"LDAP injection characters were found in the user alias" error when you try to run the Azure Active Directory Sync tool


When you try to run the Microsoft Azure Active Directory Sync tool, you receive an email message that resembles the following:
Hello user@<DomainName>.com,

See Directory Synchronization Errors for more information about the errors listed in this e-mail message.

The Directory Synchronization batch run was completed on <Date Month Year Time.>

The following objects encountered errors during synchronization.

Alias: Research/Development
Error Description: LDAP injection characters were found in the user alias. Change the user alias in the on-premises Active Directory.
Object GUID: CN={788ef08b-cf9b-4aec-ac10-5995226a88b7}


This issue may occur if an on-premises user object includes one of the following characters in its primary SMTP email address:
  • Asterisk (*)
  • Braces ({ })
  • Slash mark (/)
  • Opening single curly quotation mark (`)
  • Percent (%)
  • Equal sign (=)
  • Vertical bar (|)
  • Question mark (?)
  • Exclamation mark (!)
  • Period (.) if it's the first or last character or if it appears two or more times consecutively


To resolve this issue, change the on-premises user's primary SMTP address by removing the character that's causing the issue. After the character is removed, directory synchronization will use the string in the new primary SMTP proxy address to create the user's user principal name (UPN) and primary SMTP address.
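
To find affected accounts before the next synchronization run, the check below applies the character list above to each user's primary SMTP address. It is an added example, not part of the original article or of the sync tool; the function names, sample users and the contoso.example domain are constructed, and it assumes the rules apply to the alias (the part before "@"), which is what the error message names.

```powershell
# Characters the article lists as rejected (single quotes keep the backtick literal).
$BlockedChars = [char[]]'*{}/`%=|?!'

function Get-PrimarySmtp {
    # In proxyAddresses the primary address carries an upper-case "SMTP:" prefix;
    # secondary addresses use lower-case "smtp:".
    param([string[]]$ProxyAddresses)
    $ProxyAddresses | Where-Object { $_ -clike 'SMTP:*' } |
        ForEach-Object { $_.Substring(5) } | Select-Object -First 1
}

function Test-SmtpAlias {
    # Assumption: the rules are checked against the alias, the part before "@".
    param([string]$Address)
    $alias = ($Address -split '@', 2)[0]
    $problems = @()
    foreach ($c in $BlockedChars) {
        if ($alias.Contains([string]$c)) { $problems += "contains '$c'" }
    }
    if ($alias.StartsWith('.')) { $problems += 'starts with a period' }
    if ($alias.EndsWith('.'))   { $problems += 'ends with a period' }
    if ($alias.Contains('..'))  { $problems += 'has consecutive periods' }
    return ,$problems   # leading comma keeps an empty result an array
}

# Constructed sample objects. Against a real directory, replace this with
# Get-ADUser -Filter * -Properties proxyAddresses (ActiveDirectory module).
$users = @(
    [pscustomobject]@{ SamAccountName = 'rnd';    proxyAddresses = @('SMTP:Research/Development@contoso.example', 'smtp:rnd@contoso.example') }
    [pscustomobject]@{ SamAccountName = 'jdoe';   proxyAddresses = @('SMTP:j..doe@contoso.example') }
    [pscustomobject]@{ SamAccountName = 'asmith'; proxyAddresses = @('SMTP:a.smith@contoso.example') }
    [pscustomobject]@{ SamAccountName = 'bonly';  proxyAddresses = @('smtp:b.only@contoso.example') }
)

foreach ($u in $users) {
    $primary = Get-PrimarySmtp $u.proxyAddresses
    if (-not $primary) { continue }   # no primary SMTP address set
    $problems = Test-SmtpAlias $primary
    if ($problems.Count -gt 0) {
        [pscustomobject]@{
            User        = $u.SamAccountName
            PrimarySmtp = $primary
            Problems    = $problems -join '; '
        }
    }
}
```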

Still need help? Go to Microsoft Community or the Azure Active Directory Forums website.

Article ID: 2425774 - Last revision: 16 Dec 2016 - Revision: 1