Problem: AD-Connector ignore-Filter removal

Problem

Synchronization issues with the AD-Connector arise when ignore-filters are removed and nested Distinguished Names (DNs) are edited, leading to errors such as:

ldap.NO_SUCH_OBJECT: {'desc': 'No such object', 'matched': 'ou=last,dc=found,dc=match,dc=com'}

Environment

This issue occurs in environments where Active Directory (AD) is synchronized with Univention Corporate Server (UCS) using the AD-Connector.

Solution

To handle changes when a previously ignored tree is added to synchronization:

  1. Ensure that all parent Organizational Units (OUs) exist.
  2. Force synchronization for each entity within the newly added tree using the appropriate script:
     • resync_object_from_ad.py for AD to UCS synchronization.
     • resync_object_from_ucs.py for UCS to AD synchronization.
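
The parent check that the connector skips can be done by hand before forcing the resync. The following Python code is an added example, not part of the original article or of the AD-Connector: it lists parent OUs that are absent on the target side and orders the DNs so that parents come before their children. The function names, the dc=example,dc=com sample DNs and the parents-first ordering are assumptions; in practice the list of existing DNs would come from an LDAP search on the target directory.

```python
def split_dn(dn):
    """Split a DN into RDNs, keeping backslash-escaped commas inside a value."""
    rdns, current, escaped = [], [], False
    for ch in dn:
        if ch == ',' and not escaped:
            rdns.append(''.join(current).strip())
            current = []
            continue
        current.append(ch)
        escaped = (ch == '\\') and not escaped
    rdns.append(''.join(current).strip())
    return rdns

def norm(dn):
    """Case-insensitive form used only for comparing DNs."""
    return ','.join(split_dn(dn)).lower()

def parent_chain(dn, base):
    """Ancestors of dn that lie strictly below base, outermost first."""
    rdns, n = split_dn(dn), len(split_dn(base))
    if len(rdns) <= n or norm(','.join(rdns[-n:])) != norm(base):
        raise ValueError(f'{dn!r} is not below {base!r}')
    return [','.join(rdns[i:]) for i in range(len(rdns) - n - 1, 0, -1)]

def plan_resync(dns, base, existing):
    """Return (missing parent DNs, dns ordered parents-first)."""
    # A parent counts as present if it exists already or is itself being resynced.
    known = {norm(d) for d in existing} | {norm(d) for d in dns}
    missing = []
    for dn in dns:
        for parent in parent_chain(dn, base):
            if norm(parent) not in known:
                known.add(norm(parent))
                missing.append(parent)
    return missing, sorted(dns, key=lambda d: len(split_dn(d)))

# Constructed sample data (hypothetical DNs, not taken from a real directory).
BASE = 'dc=example,dc=com'
EXISTING = ['ou=staff,dc=example,dc=com']
TO_RESYNC = [
    'cn=Doe\\, Jane,ou=last,ou=mid,ou=staff,dc=example,dc=com',
    'ou=last,ou=mid,ou=staff,dc=example,dc=com',
    'cn=bob,ou=other,dc=example,dc=com',
]

if __name__ == '__main__':
    missing, ordered = plan_resync(TO_RESYNC, BASE, EXISTING)
    print('Parent OUs to create or resync first:', *missing, sep='\n  ')
    print('Resync order:', *ordered, sep='\n  ')
```

Any DN reported as missing has to exist on the target side before its children are passed to the resync script.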

Root Cause

The AD-Connector, after the initial synchronization, does not verify the existence of parent OUs when an element is checked for synchronization. This can lead to synchronization errors if the necessary parent OUs are missing.
