When running a sync workflow in the Sync Editor, the ADSAccount record is found to be deleted even though it still exists in the target Active Directory.
If the same sync workflow is run again, the accounts deleted in the previous run are added back to the ADSAccount table.
Additional observations on this:
- Deletion only occurs on accounts that had some changes to their AD properties (e.g. password) prior to the first sync workflow run.
- This happens after the upgrade to version 8.1.
This behavior is due to an optimization of the ADS connector implemented in v8.1 for CR ID #30957. (Please refer to issue ID 30957 in the release notes: Resolved issues).
The optimization queries the USNChanged property of the objects in ADS and compares it with a snapshot obtained prior to the sync.
However, if objects have changed between the request of the object list and the completion of loading from the AD, these objects are not picked up by the USNChanged query and are consequently set to Outstanding/Delete after the workflow.
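The following added example (not One Identity code) models this race in simplified form and shows a check that separates accounts wrongly marked Outstanding from accounts that are really gone. The filter `USNChanged <= snapshot`, the function names and the sample data are assumptions made for illustration; the connector's actual query is not shown in this article.

```python
from dataclasses import dataclass

@dataclass
class AdObject:
    dn: str
    usn_changed: int  # value of the USNChanged attribute at load time

def load_with_usn_filter(directory, listed_dns, snapshot_usn):
    """Assumed model of the optimized load: only objects from the earlier
    object list whose USNChanged is not newer than the snapshot are loaded."""
    by_dn = {obj.dn: obj for obj in directory}
    return {dn for dn in listed_dns
            if dn in by_dn and by_dn[dn].usn_changed <= snapshot_usn}

def classify_outstanding(directory, listed_dns, snapshot_usn):
    """Split objects that the load missed into false and real deletions.

    false deletions: still present in AD but changed after the snapshot
    real deletions:  no longer present in AD at all
    """
    loaded = load_with_usn_filter(directory, listed_dns, snapshot_usn)
    present = {obj.dn for obj in directory}
    missing = set(listed_dns) - loaded
    false_deletes = sorted(dn for dn in missing if dn in present)
    real_deletes = sorted(dn for dn in missing if dn not in present)
    return false_deletes, real_deletes

# Constructed sample data (not taken from a real directory).
SNAPSHOT_USN = 5000
LISTED_DNS = [
    "CN=alice,OU=Users,DC=example,DC=test",
    "CN=bob,OU=Users,DC=example,DC=test",
    "CN=carol,OU=Users,DC=example,DC=test",
]
DIRECTORY_AT_LOAD = [
    AdObject("CN=alice,OU=Users,DC=example,DC=test", 4100),  # unchanged
    AdObject("CN=bob,OU=Users,DC=example,DC=test", 5012),    # password changed mid-sync
    # carol was removed from AD, so she is absent here
]

if __name__ == "__main__":
    false_del, real_del = classify_outstanding(
        DIRECTORY_AT_LOAD, LISTED_DNS, SNAPSHOT_USN)
    print("Marked Outstanding but still in AD:", false_del)
    print("Genuinely removed from AD:", real_del)
```

Running the same comparison against the list of accounts marked Outstanding before any delete processing shows which entries are artifacts of the race and will reappear on the next sync run.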
WORKAROUND
None
STATUS
A fix for Defect #31908 is available from Support. Please contact Support with your version number for more information.