Your company's local environment consists of a single Active Directory Domain Services (AD DS) domain. The company purchases a Microsoft Office 365 E5 subscription, and you plan to configure directory synchronization between AD DS and Azure Active Directory (Azure AD) to support single sign-on (SSO) for your users.
You need to ensure that improperly formatted domain user names will not cause synchronization errors.
What should you do?
You should download and run the free Microsoft Directory Synchronization Error Remediation (IdFix) tool on a domain member server or workstation prior to configuring directory synchronization between AD DS and Azure AD. IdFix can isolate and even remediate common errors reported by Azure AD Connect, including improperly formatted domain user names.
You should not run Azure AD Connect in custom mode. This operation actually configures directory synchronization or identity federation. It does not proactively identify potential errors and offer to remediate them for you.
You should not run the Synchronization Service Manager. This tool and the Synchronization Rules Editor are included when you install Azure AD Connect on the domain controller or member server that will host the directory synchronization service. Synchronization Service Manager is used to customize the synchronization schedule. It can only be run after directory synchronization is enabled.
You should not run the Synchronization Rules Editor. The tool can be run only post-deployment of directory synchronization. Also, the tool is used to customize the user and group attributes synchronized between on-premises and cloud environments, not to proactively address synchronization errors.