• Locked Locked
  • Replies 16 replies
  • Subscribers 97 subscribers
  • Views 15133 views
  • Users 0 members are here
Options
Related
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Unable to sync changes made in IM to AD

Andrea
over 7 years ago

Hello,

We are facing a weird issue whose scenario is the following: we have successfully synchronized both HR database and Active Directory, we have both Persons and ADSAccounts in our Manager UI and we are now trying to made some modifications in 1IM that we would like to propagate into the Active Directory target system.

We took a test user in the Manager (the ADSAccount object) and we have manually assigned some AD groups to that user but, when we execute the synchronization workflow (from 1IM to AD), the modifications made in the Manager are ignored and the account on AD doesn’t get the new groups. The same behavior happens if we try to remove a user from a group in the Manager: after the workflow execution, no groups is removed from the user.

A different thing happens when we make modifications to the account on Active Directory side: if we remove or add a group to a user and we execute the workflow, the removed group is added again to the user while the added group is removed and so the user is reverted back to their original state. This second behavior is perfectly fine to me since I want IM as the master of the operations but I believe that there is something wrong with my sync project.

After the execution of the sync workflow (that it's using the defaults steps and mappings for users and group) i have the following messages in the execution log:

Information The object (Group_A) of type (ADSGroup) was ignored during synchonization.
Reason: The object has pending M:N provisioning tasks.
Information The object (Group_B) of type (ADSGroup) was ignored during synchonization.
Reason: The object has pending M:N provisioning tasks.

Furthermore there are 2 items in the DPRMemberShipActions that refers to the previous object of type groups:

Add member <Key><T>ADSAccountInADSGroup</T><P>1cec0769-dc41-4685-ade9-a7303e460c3d</P><P>bbf22027-cb22-4138-81fd-2ffa4793b219</P></Key>
Remove member <Key><T>ADSAccountInADSGroup</T><P>1cec0769-dc41-4685-ade9-a7303e460c3d</P><P>a0ef7c75-de33-406e-b2ff-4029fa7481bb</P></Key>

I verified the UID on the IM database and they are exactly my test objects.

Can anyone give some clue?

Thanks in advance,
Andrea

Parents
  • over 7 years ago
    @Markus i spoken to a colleague some days ago and he said the same thing: those operations should be done automatically, without the need to start a workflow, perhaps we are running into a bug or something because even technical support have no clues.

    When i click on Save button in the Manager, right after the group adding/removing, the job queue gets populated by a couple of items (see screenshot: www.dropbox.com/.../ScreenShot098.png while DBQueue is empty and still nothing changes on the AD side.
Reply
  • over 7 years ago
    @Markus i spoken to a colleague some days ago and he said the same thing: those operations should be done automatically, without the need to start a workflow, perhaps we are running into a bug or something because even technical support have no clues.

    When i click on Save button in the Manager, right after the group adding/removing, the job queue gets populated by a couple of items (see screenshot: www.dropbox.com/.../ScreenShot098.png while DBQueue is empty and still nothing changes on the AD side.
Children
No Data