AD/Azure AD – dirsync missing attributes targetAddress and mailnickname

this is an odd situation, but i think it may be somewhat commonplace in the SMB world. i have office 365 set up for my business email, nothing fancy, just one user. i decided to implement a domain controller in azure and set up dirsync to sync into azure ad. i’m working on an overall project/poc to set up a cloud-based environment with a full domain hosted in azure iaas, office 365, intune and azure services including azure active directory to tie all the cloud services together. from there i plan to play with azure mfa and sso for things like dropbox for business, etc. everything went smoothly with standing up the new dc and installing dirsync; however, my account didn’t sync up, just a couple of test accounts i had made. i got an email from the ms online services team indicating the failure, but chasing the root cause down was tricky.

first step was to try the IdFix DirSync Error Remediation Tool, which has a basic gui and identifies the issues. it flagged that my account was missing the targetAddress and mailnickname attributes that are set in office 365. i tried to just have the tool fix it, but it failed. from there i dug into my user object with adsiedit, and that didn’t show those attributes. it turns out that you need to have the exchange ad schema extensions added to ad in order to have those attributes. so off to download exchange 2013 so that i can extend the schema per this article.

once the schema extensions were added, i was able to use idfix to make the changes to my user object and sync up the changes to azure ad.
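
the two failure states described above (attribute not defined in the schema at all vs. defined but empty on the user) can be told apart before running idfix. this is an added example, not from the original post; it assumes the ActiveDirectory RSAT module is installed, and the function name and the account name 'jdoe' are placeholders.

```powershell
# added example: assumes the ActiveDirectory RSAT module and a domain-joined session.
# 'jdoe' is a placeholder sAMAccountName, not a value from the post.
Import-Module ActiveDirectory

function Test-SyncAttributes {
    param(
        [Parameter(Mandatory)] [string] $SamAccountName,
        [string[]] $Attributes = @('targetAddress', 'mailNickname')
    )

    # attribute definitions live in the schema naming context as attributeSchema objects
    $schemaNC = (Get-ADRootDSE).schemaNamingContext

    $inSchema = foreach ($name in $Attributes) {
        $def = Get-ADObject -SearchBase $schemaNC `
            -LDAPFilter "(&(objectClass=attributeSchema)(lDAPDisplayName=$name))"
        [pscustomobject]@{ Attribute = $name; InSchema = [bool]$def }
    }

    # only request attributes the schema defines; asking Get-ADUser for an
    # undefined property raises an error instead of returning an empty value
    $known = @($inSchema | Where-Object InSchema | ForEach-Object Attribute)
    $user = $null
    if ($known.Count -gt 0) {
        $user = Get-ADUser -Identity $SamAccountName -Properties $known
    }

    foreach ($row in $inSchema) {
        $value = $null
        if ($row.InSchema) { $value = $user.($row.Attribute) }
        [pscustomobject]@{
            Attribute = $row.Attribute
            InSchema  = $row.InSchema
            Populated = -not [string]::IsNullOrEmpty($value)
            Value     = $value
        }
    }
}

Test-SyncAttributes -SamAccountName 'jdoe' | Format-Table -AutoSize
```

InSchema = False means the schema has to be extended first; InSchema = True with Populated = False means the attribute exists and only the value on the user object is missing.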

on a related note, to force a sync, run the following commands in powershell:

    Import-Module DirSync
    Start-OnlineCoExistenceSync

you can check the event log for details; there’s nothing to see beyond that.
