|An attempt to install an older version of the agent software will fail if a newer version has already been successfully installed. If, for some reason, the older version is needed, first uninstall the newer version, then remove all registry references to the agent.
|The agent installer cannot accept a password with a first character of !.
|When discovery discovers an environment, it will read in the OU structure of all domains within the forest. The UI will show all domains and you can select them for use in all workflows. However, if a DC for that domain is not included, or the agent account does not have read access to the objects, they will not be read into the database.
|Cloud Only Security Groups are not read in when reading a cloud endpoint.
|User thumbnail photos do not sync to cloud environments.
|The PowerShell User Group should be added to the Tenant Group Filter as the Group Owner. A security group should not be used.
|An account with access to all domains within the forest is needed if you want to sync all domains within a single forest with a single agent. Using an enterprise admin account is the most efficient method for doing this.
|Mapping functions do not work with multivalued attributes. For example, (results(proxyaddresses,"x500:") will not return a true even if an X500 address is present.
|When a workflow for a cloud environment has been run once, but then has been idle for longer than 30 days, an error will be encountered when the job starts, and the job will fail and loop repeatedly until the retry count has been reached.
|In the German and Chinese Office365 tenants, Directory Sync will always do full synchronizations because the delta sync functionality is not available in these local tenants.
|An "Object with ID xyz was not found" error may occur when reading recently created Azure guest users due to the longer length of time for guest users to propagate.
|Remote Mailboxes from the source are incorrectly created in the target as Users instead of MailUsers.
|Delta syncs are limited to 30 days. To avoid full synchronization, a read in should be performed for all cloud environments every 29 days or less.
|Password sync does not support AES hashes.
|A template configured to sync a binary attribute to a non-binary attribute will not sync correctly. For example, if syncing Binary (ThumbnailPhoto) to String(ExtensionAttribute), the target attribute will be synced as "System.Byte" instead of the expected binary value converted into a string.
|A security group cannot be used as a filter group.
|When using filter groups for Cloud environments you need to ensure that a group containing any newly created objects is present in the environment filter. This can be accomplished by having a source and target filter group with the same name so they will match and synchronize between the environments. If these objects are not read in after creation, they will not have any additional updates synchronized and they will not be matched.
|When synchronizing local AD groups to Office 365 as Office 365 groups (Unified Groups) any contact in the source group will record an error in the logs and the contact will not appear in the target group.
|Office 365 Group settings are not copied to the target Office 365 Group.
|Likes for Office 365 Group conversations are not migrated.
|Custom schema attributes can be added to template mappings but are not visible in the drop-down selection list.
|All domains within an Active Directory Forest are visible within an environment when adding a single domain even though the agent account credentials may not have access to all domains.
|The DS-Core-Propagation-Data attribute is not synchronized by Directory Sync. The DS-Core-Propagation-Data attribute is a system attribute which is used by the Active Directory service and cannot and should not be modified by anything other than the directory itself.
|The mapping does not update the mailnickname attribute of Non mail-enabled security groups.
|Attribute filters cannot be applied to Security Groups.
|Cloud Environments that use Object Filter Exclusion options may see Unlicensed or Disabled Accounts read in when configured to Exclude Unlicensed or Disabled Accounts. This is because the AccountDisabled and SKUAssigned properties in Exchange Online Management are not always updated to reflect the true state of the object in Office365.
|Updates of non mail-enabled Security groups in Cloud to Local syncs fail due to an empty samAccountName value.
|Custom schema attributes can be added to template mappings, but are not visible in the drop-down selection list.
|Directory Sync will attempt to add Group Object as Owner to Teams/M365 and Distribution Group when the Group object shares similar name as the Group Owner. For M365 Groups and Teams, an error will be logged for these groups as they cannot be added as an owner.
|Password sync will fail for objects with non-English characters in the sAMAccountName.
|A directory operation error occurs when running a cloud to local workflow.
The RC4 encryption (Rivest Cipher 4 or RC4-HMAC) is an element of Microsoft Kerberos authentication that Quest migration products require to sync Active Directory passwords between Source and Target environments. Disabling the use of the RC4 protocol enabled makes password syncing between environments impossible.
Beginning on November 8, 2022 Microsoft recommended an out of band (OOB) patch be employed to set AES as the default encryption type. The enabling and disabling use of the RC4 encryption protocol has potential impact beyond the function of password syncing of Quest migration tooling and should be considered carefully.
|Comment fields that exceed the maximum length of 4000 characters will cause an error.
|When mail contacts are deleted from Exchange Online, the deletion is not reflected in the product. Workflows with 'Delete Objects' steps will not process contact deletes.