Disconnectors Are Created When You Move Objects in Active Directory (316823)

SYMPTOMS

If you use the provisioning agent and the Active Directory management agent (ADMA) to create an object in Active Directory, you initially create the object in an organizational unit in Active Directory. If you move the object to another organizational unit in Active Directory, and then run the ADMA, the connector for the object is still displayed in the original organizational unit in the connector space. In addition, a disconnector is displayed for the object in the new organizational unit in the connector space.

CAUSE

There is a Globally Unique Identifier (GUID) attribute on all Active Directory objects, which is used as the anchor attribute in Microsoft Metadirectory Services (MMS). However, the ADMA does not create the GUID attribute for additional objects that it sends to Active Directory. Active Directory assigns the GUID attribute when it creates a new object. When the object is first discovered after the object is created by the ADMA, the GUID attribute is read and stored in the hologram. If the object does not have the anchor attribute set, MMS cannot determine that the object in MMS is the same object that is in Active Directory because the name has changed.

RESOLUTION

To resolve this issue, run the ADMA a second time before you relocate the object. For example, if you use the ADMA to create a user in Active Directory, the first time you run the ADMA, the user is created. After you run the ADMA a second time, the hologram is populated. If you move the object to another organizational unit and run the ADMA a third time, you are able to use the GUID attribute to track the user. In this example, the user's connector is displayed in the organizational unit in the connector space to which you moved the user.

You must populate the hologram with the object GUID before you move the object in Active Directory. Do not move an object in Active Directory until after you run the ADMA a second time.