Did you know that there is a limit on the number of errors a single dirsync run can have? Neither did I until recently, and we found the hard way.
So, after a little research, it turns out that there is indeed a default limit of 5000 errors, and once this limit is reached the synchronization process will terminate. This will result in some odd behavior, as some of the changes will be reflected in WAAD, while other objects will be unchanged. The last sync timestamp will also be updated, further increasing the confusion. Opening the MIISClient however quickly reveals the trust – the WAAD Export profile run will have a status “stopped-error-limit” and the number of export errors will be 5000 (The same might happen with the other profiles too, so make sure to check them as well!).
So how do we go about fixing that? Well the best way is of course to make sure those errors are resolved. In our particular case, this excessive number of errors was caused by poor planning – this was a test environment, synced with a test O365 tenant and the problem was that all Prod accounts were being dumped “as is” into the test AD, without updating the relevant attributes. The use of additional Identity Management solution that overwrites any changes made directly from ADUC further complicated the issue. So instead of fixing the errors, as another option we decided to increase the limit for maximum number of errors, as detailed in this article. All you need to do is open regedit on the dirsync server machine, locate the “HKLM\System\CurrentControlSet\Services\FIMSynchronizationService\Parameters” key and create the ErrorLimit DWORD value (If you are using AADSync, the key will be located under he following instead: HKLM\System\CurrentControlSet\Services\ADSync\Parameters). The default value of 0 will increase the error limit to 100000, which should give you plenty of freedom. Afterwards, restart the FIMSynchronizationService and run another sync. This time, when the 5000 limit is reached, the MIIS client will stop listing new errors, but the sync process will not stop. I have not found a way to increase the ‘display limit’ past the 5000 mark though.
For general troubleshooting or MIIS/FIM error messages, you can refer to this article on Jorge’s blog.