To verify if object is covered by the synchronization scope, first thing need to be checked: right-click domain pair, Properties, Skip Objects
Verify what categories are checked there and if the object in question is not in those categories.
Then, check object's Attributes and verify if:
- adminCount is not set to 1
- showinadvancedviewonly is not set to 1
Objects with those attributes will not be seen by QMM
While being in ADUC, check object's location in AD: what exact OU it's located in.
Right-click Synchronization under the domain pair and select Properties
Go to Select Source Scope and validate that OU, that object belongs to, is checked
Further, click on Select Filter button and validate that:
- object class, that object is type of, is checked (if it's a user, group, inetorgperson, etc)
- object is not listed in the Exclude List
- click on Advanced and verify if there's LDAP filter specified. If there is, verify that LDAP filter is covering the object. For example: if LDAP filter is set as (extensionAttribute9=syncme) then object's extensionAttribute9 is populated with value 'syncme'.
Note 1: same rules apply to the 2way sync where target scope should be checked if said object is not being synchronized back to the source domain.
Note 2: changing any settings in Synchronization require full resync which may be not desirable sometimes.
