During migration or synchronization, two different user objects have been merged and a mismatch occurs. Undoing the migration does not resolve the issue. What is the best approach to resolve the issue?
If two different objects have been mismatched a clean up is required. In order to resolve the issue please stop directory synchronization and follow these steps:
1. Clean up the account in target:
-Delete the SID history using AD Processing Wizard which comes with QMM
-Delete all proxy addresses which have been copied from source object
-Delete the template address eg. @source.com
-Delete the x500 address
-Clean up the Service Attributes (by default EA 14 and 15)
2.Clean up the account in source:
-Delete the template address eg. @source.com
-Delete the x500 address
-Clean up the matching attributes (applies only if this is a two-way synchronization)
3.Resolve the problem itself that caused accounts to be matched in the first place, eg. rename the existing account in source (or in target) by changing the SamAccountName.
4. When done with the steps above, please start Directory Synchronization with the option Start and Re-Sync. Full resynchronization is required to resolve this issue, otherwise DSA will use the old information stored inside the cache and will mismatch the objects again.
Notes:
Sometimes, when synchronization is configured to create objects in target domain, it is a good idea to migrate the account using a migration session, it will give the administrator more control over the process.
Quest KB contains articles with information how to use AD Processing wizard and other cleanup utilities.
© 2024 Quest Software Inc. ALL RIGHTS RESERVED. Feedback Terms of Use Privacy Cookie Preference Center