objects are syncing (new ones) not old ones (created before ADDriver configured)
What is wrong?
Cybersecurity
DevOps Cloud
IT Operations Cloud
objects are syncing (new ones) not old ones (created before ADDriver configured)
What is wrong?
I added next screen maybe can help more
I see only 1 thing where is wrong in dest DN which is started with "," what for me is not understood because in any configuration I dont see any "," used at the begining
The . is actually the issue. Looking at the error it says win32-rc of 8350. Those error codes can be looked up here:
learn.microsoft.com/.../system-error-codes--8200-8999-
Which shows 8350 as
ERROR_DS_NAME_UNPARSEABLE
8350 (0x209E)
The directory service encountered an error parsing a name.
So yep, you specified an invalid name for a search of AD OU's
Is this a fresh install or is this a customized system you are taking over? I can see where in a clever model, you test to see if the container exists before using it. But your code would be failing to specifiy the container name.
Look in the Subscriber channel (Up direction in Designer, bottom line, right direction in iManager) Matching policy at when it does a Find Object, or a Query and see how it generates the DN.
It is fresh installation
OU exist in Ad and all containers are in configuration
Only what I see - is "," at the begining of the name of OU. But I don't see it in configuration ;(
That is a comma, not a dot. If you look at the Sub Match policy rules. Look for the one for Org Units.
It is trying to use 'unmatched-src-dn' op property, but the value is empty. Probably because the user is in ou=users,o=data in IDM.
The previous rule, tries to set it, using the Unmatched Src DN token, which only works, right after a do-find-matching object for the User, so if they were in a ou=Active under the Users then the unmatched src dn would be cn=username,ou=Active and then insert a comma, and the base DN from a GCV and that should work.
Do you know how to read ndstrace? You found it, from the screen shots at least on the RL side. Make sure it is enabled on the engine side, find the files (read them as text, don't use iMonitor to read them) and look for the sub-mp starting and read what happens, it should be fairly obvious what is going wrong.
If nothing else, use the Insert menu in this editor, and insert a code block with trace for us to read here.