Recently I've noticed that ADSGroup memberships between the Active Directory environment and IdentityManager are showing a larger disparity, where membership removals in AD are not being detected and updated in IdentityManager even after a synchronization is run. I've run multiple simulations with synchronizations running full synchronizations and just specific Object Types (Groups + ADSGroupMember). These syncs are always set with IdentityManager as the slave system so group membership removals will be deleted and any new direct assignment membership will be updated in the IdentityManager Db. (see image)
The synchronization has failed consistently with errors as seen below for multiple Groups and Users.
Start processing objects / relation of type "ADSGROUPMember" using following settings:
database amount : IGNORE,
intersection amount: UPDATEDB,
namespace amount: IMPORT - USN optimization False.
[854011] Error processing M:N relations of CN=\#Some DL,OU=Distribution Lists,OU=Location,OU=Location Data Center,OU=NA,DC=1234,DC=net in database.
[921056] Error inserting relation CN=Some Group,OU=Groups,OU=Contacts,OU=NA,DC=1234,DC=net - CN=\#Covidien Sales Force.com Support,OU=Distribution Lists,OU=Mansfield01,OU=Mansfield Data Center,OU=NA,DC=thcg,DC=net into database table ADSAccountInADSGroupTotal.
[854041] No relation definition exists for object type publicFolder in relation block ADSGROUPMember .
[854011] Error processing M:N relations of CN=\#Some DL1,OU=Distribution Lists,OU=Location,OU=LocationData Center,OU=NA,DC=1234,DC=net in database.
[921056] Error inserting relation CN=Some User,OU=Misc,OU=Contacts,OU=NA,DC=1234,DC=net - CN=\#Some DL3,OU=Distribution Lists,OU=Location,OU=LocationData Center,OU=NA,DC=1234,DC=net into database table ADSAccountInADSGroupTotal.
[854011] Error processing M:N relations of CN=\#Some other DL,OU=Distribution Lists,OU=Location2,OU=Location2 Data Center,OU=NA,DC=1234,DC=net in database.
[921056] Error inserting relation CN=Some User,OU=Misc,OU=Contacts,OU=NA,DC=1234,DC=net - CN=\Some DL 3,OU=Distribution Lists,OU=Location2,OU=Location2 Data Center,OU=NA,DC=1234,DC=net into database table ADSAccountInADSGroupTotal.
Has anyone encountered a similar issue with synchronizations? This disparity is causing owners to be unable to manage their groups and putting additional pressure on the call center.