• State Verified Answer
  • +1 person also asked this people also asked this
  • Replies 8 replies
  • Subscribers 21 subscribers
  • Views 7782 views
  • Users 0 members are here
Options
Related

QMM Migration Merge of user accounts does not appear to be working

sread1
over 4 years ago

Hi All,

I've got a strange issue which I can't seem to work out why it's happening.

Setup is single domain pair from Domain A to Domain B.

Domain B already has a pre-created accounts based on the accounts in Domain A. This is done using FIM. So, effectively, Domain B has a clone of domain A accounts, but not all attributes.

I have a Dir Sync setup focused on one OU (and subtree) in Domain A and will only sync objects if that object has ExtensionAttribute3 set. The sync is setup to skip certain attributes because they are already synced using FIM. sAMAccountName is one of the attributes being skipped.

The domain pair was initially setup to Object Match on SID History and Email.

Adding a value to the ExtensionAttribute3 in Domain A, in the source OU, syncs the account attributes from Domain A to Domain B.

That all works fine. If I make a change to an account in Domain A covered by the sync setup, it gets replicated across.

However, under Domain A source OU, I have accounts that don't have a primary SMTP address and thus when I set ExtenstionAttribute3, they don't get synced to Domain B. This, I expect, is because I have only got Object Matching on SIDHistory and Email.

With this in mind, I turned on AccountName object matching. Since the same sAMAccountName exists in both domains. Having turned this on and run an initial sync, I still do not get these accounts synced across. The service attributes are not set.

If I try and do a migration session on one of these accounts, I get the Conflict of attribute for sAMAccountName. If I skip sAMAccountName in the migration session, it creates a new account in target domain with a $ random number sAMAccountName. In the DSA log it still complains about a conflict. Well, there will be, as both domains have the same sAMAccountNames.

I don't understand why since I have enabled AccountName matching, the sync isn't working and also when I do a migration session (with merge account don't create new), it insists are on creating new.

What have I missed?

Many thanks for taking the time to read this, if you got this far Slight smile

Parents Reply
  • +1 over 4 years ago in reply to sread1

    If you are not changing the samaccountname why skip it in the first place. 

    1. Make sure the Account Name matching rule is enabled in the domain pair. 

    2. Run a migration session and do NOT skip the samaccount name. 

    The objects will match and merge. If if does not, you are doing something else you have not disclosed. 

Children
  • 0 over 4 years ago in reply to Jeff Shahan

    Thanks Jeff, that seams to have fixed it. Well, corrected my understanding.

    The reason why I skipped sAMAccountName was because FIM was doing that job. Anyway, I did as you say..

    1. Make sure the Account Name matching rule is enabled in the domain pair. 

    2. Run a migration session and do NOT skip the samaccount name.

    3. Used an import file <TestUser1><TAB><TestUser1>

    4. Set ExtensionAttribute3 and it's in the Dir Sync.

    Merge was already set on the session job.

    Thanks for your input. Much appreciated