Connected Objects Are Deleted When You Rename an Object (316879)

SYMPTOMS

After you rename objects in the connected directory in Microsoft Metadirectory Services (MMS), the connector space object and the metaverse object are deleted or made obsolete on the next discovery, and then a new object is created. After you rename an object, MMS may disconnect and delete other connected objects that are joined by other management agents. When this behavior occurs, you may experience issues in many of the connected directories because objects that are security principals may be deleted unintentionally.

RESOLUTION

To resolve this issue, assign an anchor attribute, and then configure the management agent that provides name changes as the Prime Namespace.

How to Set the Anchor Attribute

Click the management agent that you want to configure.
Click Configure the Management Agent.
Click the Metadirectory Relationships tab.
Click the Metaverse Renaming tab.
In the Connected Directory Anchor Attribute box, add the anchor attribute.

Add an attribute that is a Unique Identifier (UID). You can use any hashed attribute that is static and unique your organization, including a UID attribute.
Click OK.

For more information about hashing attributes, see "Appendix B: Attribute Hashing and Searching" in the MMS Systems Administration manual.

How to Configure the Management Agent as the Prime Namespace

Click the management agent.
Click Configure the Management Agent.
Click the Connected Directory Specifics tab, and then click the Mode and Namespace Management tab.
Click to select the Select this management agent as the 'Prime Namespace' check box, and then click OK.

MORE INFORMATION

You cannot configure the anchor attribute on the Active Directory management agent. By default, the Active Directory management agent uses the object's globally unique identifier (GUID) as the anchor attribute. However, the following Microsoft Knowledge Base article describes an issue that occurs as a result of name changes in the Active Directory management agent:

316823 Moving Users in Active Directory Creates Disconnector

The following information is from the online manuals that are included in the MMS System Administration manual:

Renaming Options
If a person in a connected directory changes name or other distinguished name component (such as organizational unit), the management agent may treat the entry as representing a different person. These options help you deal with such problems.

Connected Directory Name Changes
The same person may have a different name in the metaverse and in the connected directory. In this case, a reflector management agent normally renames the metaverse entry to correspond to the connected directory name, no matter what the flow rules. Select the Don't Reflect option to turn off this default behavior. The "name" is the most specific part of the entry's distinguished name, that is, its relative distinguished name. Changes to other parts of the distinguished name are controlled by the Prime Namespace setting.

When a management agent is defined as the Prime Namespace, changes in its connected directory that modify any of the attributes that make up an entry's distinguished name are reflected in the metaverse. Such changes can be simple name (cn) changes, as a result of marriage, perhaps, or organizational changes, such as a move to a different department (organizational unit). If this option is selected, the Effect of CD Name Changes option is ignored.

Connected Directory Anchor Attribute
Use this option to specify a connected directory attribute that does not change (such as employee number) so that the management agent can continue to find the corresponding connector space entry when a connected directory entry changes its name or other distinguished name component.