Active Directory Synchronization doesn't appear to be working 6.0

Article:TECH13163  |  Created: 2006-03-24  |  Updated: 2006-04-03  |  Article URL http://www.symantec.com/docs/TECH13163
Article Type
Technical Solution


Issue



Collections in the NS are not being updated after an AD Import is run. The Notification Server directory collections and resource listings show more computers than what Active Directory has currently listed in the corresponding OU. Even though the Active Directory Synchronization schedule is enabled, the two systems do not match.

Environment



NS 6.0.6074 SP3

Active Directory Connector 6.0

Cause



In order for Active Directory Synchronization to remove the computers that it needs, those computers need to have entries in both the Evt_Directory_Import_Status and Inv_Import_Rule_Imported_Items tables on the managing NS, and need to have been deleted in Active Directory, to be eligible for Active Directory Connector Synchronization to remove them from the NS.

Solution



Use the following SQL query to determine which computers cannot be purged using the AD Connector synch task. Computers found in the query will show they do not have entries in the necessary tables:

select * from item where Classguid = '539626D8-A35A-47EB-8B4A-64D3DA110D01'  and guid not in (select _ResourceGuid from Inv_Import_Rule_Imported_Items) and guid not in (select _ResourceGuid from Evt_Directory_Import_Status)

The computers found using the SQL script will have to be manually deleted from the Notification Server. The same SQL can be used to create a collection that can be deleted.


Legacy ID



21119


Article URL http://www.symantec.com/docs/TECH13163


Terms of use for this information are found in Legal Notices