Active Directory Management Agent Ignores Objects That Were Previously Excluded in Delta Mode (317397)


The information in this article applies to:

  • Microsoft Metadirectory Services 2.2
  • Microsoft Metadirectory Services 2.2 SP1
This article was previously published under Q317397

SYMPTOMS

If objects that were previously excluded from Active Directory discovery are now included in discovery by the Active Directory management agent, these objects are not imported during delta runs. The following message is logged in the Dslib.log:

02/01/16 15:18:58.734 0003-DELTA IGNORED[00]:
CN=Test3,OU=MMSOU,NC=pvupgrdxp.
com,ma=ADMA,DsaName=bblabsrv,ou=Applications,dc=microsoft,dc=com

CAUSE

This problem is a limitation in the Microsoft Metadirectory Services (MMS) 2.2 Active Directory management agent design. This problem occurs because MMS only receives the changes from Active Directory (for example, the distinguished name change) and not a full image of that object. Because MMS does not have the full set of object attributes, the program cannot process that object. In MMS 2.2 and MMS 2.2 Service Pack 1 (SP1), the program does not go back to Active Directory to retrieve the full object.

RESOLUTION

To work around this problem, periodically use the Active Directory management agent to run full discovery. Typically, you do this by scheduling a Full mode import periodically so that you catch the users who were ignored.

The following actions are an example of some of the actions that require you to complete a full run of the Active Directory management agent to reestablish synchronization (the following list contains some examples only; it is not a complete list):
  • You change the attribute inclusion list
  • You change the object classes list
  • You change the list of containers discovered
  • You move objects between a discovered or an excluded organizational unit
NOTE: To prevent this problem from occurring, keep the management agent running in Association mode and do not exclude objects or containers. If you use this method, you have to configure your join rules so that only objects that you want included can join.

For additional information about configuring join rules, click the article number below to view the article in the Microsoft Knowledge Base:

250586 Configuring the Join in Microsoft Metadirectory Services

STATUS

Microsoft has confirmed that this is a problem in the Microsoft products that are listed at the beginning of this article.
Modification Type:MajorLast Reviewed:6/6/2003
Keywords:kbenv kbprb KB317397
©2002 Microsoft Corporation. All rights reserved.