Hi,
We’re synchronizing migrated users and groups from the destination AD to the target AD (one-way).
We recognized that we have an issue with migrated users when they try to log on to the target AD with their migrated users.
The reason for the failed logon is an access token which is too big (much more than 1024 SIDs… up to 1700 SIDs). There are some old SID histories which reside in the old destination directory.
The IT provider from the destination AD has cleaned up their AD (deletions of groups, deletions of old SIDs in groups/users).
Unfortunately the change of groups and users wasn’t synchronized to the target AD (yes... we also checked the destination to see if the change was really done :) ).
Now we have a delta sync in place – we’ve not done a re-sync.
The settings for the synchronization job have the option checked that synchronized objects should be deleted in the target AD (-> Tab: Advanced Options).
So... thinking about it... if the settings for synchronization are correct, there is no need to do a re-sync of all objects.
The installation and configuration of the Migration Manager was done in cooperation with a Dell engineer.
We also have a skiplist for attributes in place, deciding that the attribute name in the target is <surname, name (samaccountname)>…
Our IDM tool has some trouble with this form of the attribute name. It has to be the samaccountname.
skiplist:
cn computer Both
cn contact Both
cn group Both
cn inetOrgPerson Both
cn container Both
cn user Both
sAMAccountName group Both
sAMAccountName computer Both
sAMAccountName inetOrgPerson Both
sAMAccountName user Both
name group Both
name contact Both
name inetOrgPerson Both
name user Both
scriptPath inetOrgPerson Both
scriptPath user Both
msTSProfilePath inetOrgPerson Both
msTSProfilePath user Both
homeDirectory inetOrgPerson Both
homeDirectory user Both
Can someone check if the skiplist could possibly be the problem?
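
An added example, not part of the original post and not Migration Manager code: a way to measure how much of a migrated user's token comes from SID history, so the effect of the cleanup can be checked per user in the target AD. It uses a simplified model (own SID, transitive group SIDs and every sIDHistory value; well-known SIDs and group-scope rules are ignored), and the object names and SIDs are constructed sample data.

```python
from collections import deque

MAX_TOKEN_SIDS = 1024  # limit named in the post

def token_sids(user, directory):
    """Simplified model: own SID, plus the SID of every group reached
    transitively through member_of, plus each object's sIDHistory."""
    primary, history = set(), set()
    seen, queue = set(), deque([user])
    while queue:
        name = queue.popleft()
        if name in seen:          # nested groups may form cycles
            continue
        seen.add(name)
        obj = directory[name]
        primary.add(obj["sid"])
        history.update(obj.get("sid_history", ()))
        queue.extend(obj.get("member_of", ()))
    return primary, history

def audit(directory, users, limit=MAX_TOKEN_SIDS):
    """Per user: total SIDs, how many come only from sIDHistory, and whether
    removing every sIDHistory value would bring the token under the limit."""
    result = {}
    for user in users:
        primary, history = token_sids(user, directory)
        total = len(primary | history)
        result[user] = {
            "total": total,
            "from_history": len(history - primary),
            "over_limit": total > limit,
            "ok_without_history": len(primary) <= limit,
        }
    return result

def build_sample():
    """Constructed directory: 850 groups, each carrying one old SID."""
    new, old = "S-1-5-21-1111-2222-3333", "S-1-5-21-9999-8888-7777"
    d = {f"grp{i}": {"sid": f"{new}-{5000 + i}",
                     "sid_history": [f"{old}-{5000 + i}"],
                     "member_of": []} for i in range(850)}
    d["grp0"]["member_of"] = ["grp1"]
    d["grp1"]["member_of"] = ["grp0"]     # deliberate nesting cycle
    d["migrated.user"] = {"sid": f"{new}-1104", "sid_history": [f"{old}-1104"],
                          "member_of": [f"grp{i}" for i in range(850)]}
    return d

if __name__ == "__main__":
    print(audit(build_sample(), ["migrated.user"]))
```

In a real check the `directory` dictionary would be filled from an export of `objectSid`, `sIDHistory` and `memberOf` for users and groups in the target AD.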