So I have no idea how this happened, but about a month ago we converted a contractor to full time. Their AD account worked just fine, no issues at all. When we converted them, we added in the needed access/email groups. We are a hybrid AAD, so this is all done from the on premise, and then syncs up to the cloud. We use o365 in the cloud, and the issue we are having is the email groups will not sync out to AAD. Occasionally we also get a sync error for this user. In the latest case it was for a SIP Proxy Address. The problem is that nothing else on premise has that address. They did not need the SIP Proxy as we use nothing with SIP, so we removed it, and let it sync.
Now there is a secondary user in AAD for them. We don't use numbers in our email, so the second was auto generated during sync, as username1234@company.com. The original user is also there as username@company.com. The original still shows outdated data, and no email groups, however the new one with the numbers shows the correct data and groups.
Is there some way to force these to merge? Or how do we resolve this? Do we just have to nuke the user entirely, or if we blow both versions out of AAD only, will the system sync correctly the next time?