• State Suggested Answer
  • +1 person also asked this people also asked this
  • Replies 2 replies
  • Answers 1 answer
  • Subscribers 22 subscribers
  • Views 5054 views
  • Users 0 members are here
Options
Related

Group membership sync issuesD

dan sikorski
over 4 years ago

I'm working with a customer who is using qmm to migrate ad and exchange from sourcedomain to targetdomain.  User and group objects were all migrated from sourcedomain to targetdomain some time ago, and have kept in sync with the DSA with a one-way sourcedomain to targetdomain syncronization since that time.  For most groups and users, this is working great.  Passwords and everything is kept in sync.  However, occasionally some group memberships are not being updated.  For example, GroupA was migrated from Sourcedomain to targetdomain.  It has four users and eleven groups in it.  Months later, GroupA in SourceDomain is modified, removing all four users and four of the groups from the membership.  Days later, this change has not been syncronized to targetdomain.  All users and groups are configured to be in the scope of the sync process.  As a troubleshooting step, i add another user to GroupA on the source, and it gets synced to GroupA on the target.  If i remove that user on the source, it is removed from target group as well.

As an additional troubleshooting step, I also added one of the original four users to GroupA back in the source group, and waited ample time for the sync process.  Since they were still in the target group, no change was observed.  However, when i removed that user from GroupA on the source, the sync processs then removed them from the target group.

  • 0 over 3 years ago

    I have the same issue. Just a few user accounts can not sync their Group memberships from Source domain to Target domain. Other changes can be synced though, such as the description of the user.
    Can anyone please answer on what can be the cause of this?

  • 0 over 3 years ago in reply to andreas mr eriksson

    From this description it sounds like membership deletes are the issue. So I will bet your issue is running a full sync before the delta  sync with the delete could be processed. Full syncs only ADD objects it does not REMOVE objects. Delta sync add and delete membership. 

    Your test "

    As a troubleshooting step, i add another user to GroupA on the source, and it gets synced to GroupA on the target.  If i remove that user on the source, it is removed from target group as well."

    1. With the directory sync running in delta, running this your test works. 
    2. Stopping the Delta Sync, run your test and run a Start and Resync, the target group will still contain the member. 
    3. Stopping the Delta Sync, run your test and Start the sync, this will be in delta, once it sleeps,  the target group will NOT contain the member.