When you run the Windows Azure Active Directory Sync tool in your organizational account such as Office 365, Windows Azure, or Windows Intune, you get the following error message in an email message that's sent by MSOnlineServicesTeam@MicrosoftOnline.com:
Error 012: Unable to update this object in Microsoft Online Services because the proxy address associated with this object in the local Active Directory is already associated with another object. Fix this in your local Active Directory.
This issue occurs if one or more of the following conditions are true:
- An object in the on-premises Active Directory has an SMTP address that's the same as the SMTP address of the object that's reporting the problem.
- An object in the on-premises Active Directory has a mail attribute that's identical to the object that's reporting the problem.
- An object already exists in your organizational account and has the same SMTP address or mail attribute as the object in the on-premises Active Directory.
To resolve this issue, use one of the following methods:
Method 1: Locate the object in the on-premises Active Directory
To locate on-premises Active Directory objects that use an SMTP address or mail attribute that's identical to the object that's reporting the problem, run an LDAP query in the on-premises Active Directory.
For example, if the problem proxy addresses is email@example.com, the LDAP query will resemble the following:
This LDAP query looks for all objects in Active Directory that have a proxy address or mail attribute value that contains JSmith@contoso.com.
You can use a tool such as Active Directory Users and Computers to run an LDAP query. For more info about how to use such a tool, go to the following Microsoft TechNet website:
LDAP Query Basics
If multiple results are returned, you can resolve the results so that only one object has the proxy address and mail attribute with the problem email address.
Method 2: Locate the object in Windows Azure AD
If the object already exists in Windows Azure AD and has the same SMTP address or mail attribute as the object in the on-premises Active Directory, you can locate and then remove the conflicting object or email address from your organizational account.
By default, directory synchronization runs every 3 hours. To minimize the effect of the suggested fix on the affected user, you can force directory synchronization to run immediately. For more info about how to do this, go the following Microsoft website:
Still need help? Go to the Office 365 Community
website or the Windows Azure Active Directory Forums