Windows Azure Active Directory Synchronization: Delta Import Delta Sync Fails After Making an Organizational Unit Move in Active Directory

Symptom

Windows Azure Active Directory Synchronization delta sync cycles are failing during Delta Import Delta Sync
The Delta Import Delta Sync operations show Discovery Errors in the FIM console
ForeFront Identity Manager events 6301 and 6060 are logged in the Application Event Log:

            The server encountered an unexpected error in the synchronization engine:

             "MMS(4796): New Delta: HRESULT: 0x0
            <delta operation="update" dn="OU=MyChildOU,OU=MyOU,DC=contoso,DC=com" newdn="OU=MyChildOU,OU=MyOU,DC=contoso,DC=com">
             <anchor encoding="base64">NgROk3jn60yLGvXGBfzUKw==</anchor>
             <parent-anchor encoding="base64">yNHbKkOBCkOy4RtgfdfNrg==</parent-anchor>
             <attr name="objectGUID" operation="replace" type="binary" multivalued="false">
              <value encoding="base64">NgROk3jn60yLGvXGBfzUKw==</value>
             </attr>
            </delta>

            MMS(4796): Delta: HRESULT: 0x0
            <delta operation="add" dn="OU=MyChildOU,OU=MyOU,DC=contoso,DC=com">
             <anchor encoding="base64">NgROk3jn60yLGvXGBfzUKw==</anchor>
             <parent-anchor encoding="base64">yNHbKkOBCkOy4RtgfdfNrg==</parent-anchor>
             <primary-objectclass>organizationalUnit</primary-objectclass>
             <objectclass>
              <oc-value>top</oc-value>
              <oc-value>organizationalUnit</oc-value>
             </objectclass>
             <attr name="objectGUID" type="binary" multivalued="false">
              <value encoding="base64">NgROk3jn60yLGvXGBfzUKw==</value>
             </attr>
            </delta>

            MMS(4796): Post: HRESULT: 0x0
            <entry dn="OU=MyChildOU,OU=MyOU,DC=contoso,DC=com">
             <anchor encoding="base64">NgROk3jn60yLGvXGBfzUKw==</anchor>
             <parent-anchor encoding="base64">yNHbKkOBCkOy4RtgfdfNrg==</parent-anchor>
             <primary-objectclass>organizationalUnit</primary-objectclass>
             <objectclass>
              <oc-value>top</oc-value>
              <oc-value>organizationalUnit</oc-value>
             </objectclass>
             <attr name="objectGUID" type="binary" multivalued="false">
              <value encoding="base64">NgROk3jn60yLGvXGBfzUKw==</value>
             </attr>
            </entry>

            BAIL: MMS(4796): tripleholo.cpp(11867): 0x80230305 (The dimage has a distinguished name that is different than the image.)
            BAIL: MMS(4796): tripleholo.cpp(2498): 0x80230305 (The dimage has a distinguished name that is different than the image.)
            BAIL: MMS(4796): tower.cpp(1372): 0x80230305 (The dimage has a distinguished name that is different than the image.)
            <delta operation="update" dn="OU=MyChildOU,OU=MyOU,DC=contoso,DC=com" newdn="OU=MyChildOU,OU=MyOU,DC=contoso,DC=com">
             <anchor encoding="base64">NgROk3jn60yLGvXGBfzUKw==</anchor>
             <parent-anchor encoding="base64">yNHbKkOBCkOy4RtgfdfNrg==</parent-anchor>
             <attr name="objectGUID" operation="replace" type="binary" multivalued="false">
              <value encoding="base64">NgROk3jn60yLGvXGBfzUKw==</value>
             </attr>
            </delta>
            <tower><unapplied-export><delta operation="none" dn="OU=MyChildOU,OU=MyOU,DC=contoso,DC=com">
            <anchor encoding="base64">NgROk3jn60yLGvXGBfzUKw==</anchor>
            </delta>
            </unapplied-export>
            <escrowed-export>
            <delta operation="none" dn="OU=MyChildOU,OU=MyOU,DC=contoso,DC=com">
            <anchor encoding="base64">NgROk3jn60yLGvXGBfzUKw==</anchor></delta></escrowed-export><unconfirmed-export>
            <delta operation="none" dn="OU=MyChildOU,OU=MyOU,DC=contoso,DC=com"><anchor encoding="base64">NgROk3jn60yLGvXGBfzUKw==</anchor>
            </delta></unconfirmed-export><pending-import><delta operation="add" dn="OU=MyChildOU,OU=MyOU,DC=contoso,DC=com">
            <anchor encoding="base64">NgROk3jn60yLGvXGBfzUKw==</anchor><parent-anchor encoding="base64">yNHbKkOBCkOy4RtgfdfNrg==
            </parent-anchor><primary-objectclass>organizationalUnit</primary-objectclass><objectclass><oc-value>top</oc-value><oc-value>organizationalUnit
            </oc-value></objectclass><attr name="objectGUID" type="binary" multivalued="false">
            <value encoding="base64">NgROk3jn60yLGvXGBfzUKw==</value></attr></delta></pending-import><synchronized-hologram></synchronized-hologram>
            <anchor encoding="base64">NgROk3jn60yLGvXGBfzUKw==</anchor><connector>0</connector><connector-state>normal</connector-state>
            <seen-by-import>1</seen-by-import><rebuild-in-progress>0</rebuild-in-progress><obsoletion>0</obsoletion><need-full-sync>0</need-full-sync>
            <placeholder-parent>0</placeholder-parent><placeholder-link>0</placeholder-link><placeholder-delete>0</placeholder-delete><pending>1
            </pending><ref-retry>0</ref-retry><rename-retry>0</rename-retry><sequencers><current><batch-number>0</batch-number><sequence-number>0
            </sequence-number></current><unapplied><batch-number>0</batch-number><sequence-number>0</sequence-number></unapplied><original>
            <batch-number>0</batch-number><sequence-number>0</sequence-number></original></sequencers><import-delta-operation>add
            </import-delta-operation><export-delta-operation>none</export-delta-operation></tower>
            BAIL: MMS(4796): csobj.h(1437): 0x80230305 (The dimage has a distinguished name that is different than the image.)
            BAIL: MMS(4796): syncstage.cpp(2018): 0x80230305 (The dimage has a distinguished name that is different than the image.)
            BAIL: MMS(4796): syncstage.cpp(539): 0x80230305 (The dimage has a distinguished name that is different than the image.)
            ERR: MMS(4796): syncstage.cpp(588): 0x80230305 - staging failed 0x80230305
            ERR: MMS(4796): syncstage.cpp(589): Staging failed 0x80230305: [OU=MyChildOU,OU=MyOU,DC=contoso,DC=com]
            ERR: MMS(4796): syncmonitor.cpp(2515): SE: Rollback SQL transaction for: 0x80230305
            MMS(4796): SE: CS image begin
            MMS(4796): <cs-object cs-dn="OU=MyChildOU,OU=MyOU,DC=contoso,DC=com" id="{DB03B034-C528-E111-A02F-005056901089}" object-            type="organizationalUnit">
             <unapplied-export>
              <delta operation="none" dn="OU=MyChildOU,OU=MyOU,DC=contoso,DC=com">
               <anchor encoding="base64">NgROk3jn60yLGvXGBfzUKw==</anchor>
              </delta>
             </unapplied-export>
             <escrowed-export>
              <delta operation="none" dn="OU=MyChildOU,OU=MyOU,DC=contoso,DC=com">
               <anchor encoding="base64">NgROk3jn60yLGvXGBfzUKw==</anchor>
              </delta>
             </escrowed-export>
             <unconfirmed-export>
              <delta operation="none" dn="OU=MyChildOU,OU=MyOU,DC=contoso,DC=com">
               <anchor encoding="base64">NgROk3jn60yLGvXGBfzUKw==</anchor>
              </delta>
             </unconfirmed-export>
             <pending-import>
              <delta operation="add" dn="OU=MyChildOU,OU=MyOU,DC=contoso,DC=com">
               <anchor encoding="base64">NgROk3jn60yLGvXGBfzUKw==</anchor>
               <parent-anchor encoding="base64">yNHbKkOBCkOy4RtgfdfNrg==</parent-anchor>
               <primary-objectclass>organizationalUnit</primary-objectclass>
               <objectclass>
                <oc-value>top</oc-value>
                <oc-value>organizationalUnit</oc-value>
               </objectclass>
               <attr name="objectGUID" type="binary" multivalued="false">
                <value encoding="base64">NgROk3jn60yLGvXGBfzUKw==</value>
               </attr>
              </delta>
             </pending-import>
             <synchronized-hologram>
             </synchronized-hologram>
             <anchor encoding="base64">NgROk3jn60yLGvXGBfzUKw==</anchor>
             <connector>0</connector>
             <connector-state>normal</connector-state>
             <seen-by-import>1</seen-by-import>
             <rebuild-in-progress>0</rebuild-in-progress>
             <obsoletion>0</obsoletion>
             <need-full-sync>0</need-full-sync>
             <placeholder-parent>0</placeholder-parent>
             <placeholder-link>

Cause

Windows Azure Active Directory Synchronization learns about the existing Active Directory forest's domain and Organizational Unit structure during its initial Full Sync cycle, where all of the FIM run profiles are of type Full
After the first Full Sync has completed, Windows Azure Active Directory Synchronization begins performing Delta Sync cycles on a 3-hour interval from that point forward
New Organizational Units will be realized during Delta Sync cycles, but changes in the Distinguished Name of an existing Organizational Unit (i.e. - the Organizational Unit has been moved in Active Directory to another location) are not synchronized correctly during a Delta Sync cycle, and will cause the errors shown in the Symptom section of this article.
In order for Windows Azure Active Directory Synchronization to succeed future Delta Sync cycles, a Full Sync cycle must occur first

Resolution

Instructions for Full Sync

On the Windows Azure Active Directory Synchronization server:

Start, Run, RegEdit.exe
Drill down to: HKLM\SOFTWARE\Microsoft\MSOLCoExistence
Double-click the FullSyncNeeded value
Set FullSyncNeeded to 1 and click OK
Close RegEdit
Explore to: C:\Program Files\Microsoft Online Directory Sync
Double-click DirSyncConfigShell.psc1
In the resulting PowerShell console window, type the following and press Enter: Start-OnlineCoexistenceSync
Launch the FIM console (miisclient.exe)
Select the Operations tab
Watch each of the ‘Full’ run profiles execute for SourceAD and TargetWebService
Once TargetWebService Export has completed, you should then see a Delta Sync operation begin within 3 hours, and the Discovery Errors for the Organizational Unit(s) in question should now be resolved