Wednesday 16 October 2013

AD to OID Synch Issue


By default, Microsoft Active Directory Connector retrieves changes to all objects in the container configured for synchronization. If you are interested in retrieving only a certain type of change, for example only changes to users and groups, then you should configure an LDAP search filter. This filter screens out changes that are not required when Microsoft Active Directory Connector queries Microsoft Active Directory. The filter is stored in the searchfilter attribute in the synchronization profile.

To troubleshoot this kind of DIP issue, enable TRACE:32 logging for the following components:
oracle.dip.config
oracle.dip.mbean.prov
oracle.dip.mbean.sync
oracle.dip.util

You can achieve this using the Enterprise Manager console:
Navigation: http://mkktestserver1.unixdomain.local:7003/em >>> Click on wls_ods1 >>> Drop down WebLogic Server >>> Logs >>> Log Configuration

Monitor the managed server log to capture the issue.

Users are not getting synchronised from AD to OID.

Put a searchfilter in the ADtoOIDSynch profile definition:
searchfilter=(|(objectclass=group)(objectclass=organizationalUnit)(&(objectclass=user)(!(objectclass=computer))))

After this change, the wls_ods1 log shows a message like the following:
[2013-07-28T13:34:15.178+01:00] [wls_ods1] [NOTIFICATION] [DIP-10252] [oracle.dip] [tid: ADtoOIDSynch] [userId: <anonymous>] [ecid: 0000K0Uebzv03zD_R9c9yd1Hwpv2000002,0] [APP: DIP#11.1.1.2.0] Found Search Filter : ((|(objectclass=group)(objectclass=organizationalUnit)(&(objectclass=user)(!(objectclass=computer))))).
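To see which object types the searchfilter above lets through, the following added example (not part of the original post, and not Oracle code) evaluates it against constructed sample entries. It assumes the usual Active Directory schema, where computer accounts also carry objectClass user, which is why the `(!(objectclass=computer))` clause is needed; all entry names are made up.

```python
# Added example: evaluates the filter subset used in the profile (&, |, !, attr=value).
PROFILE_FILTER = ("(|(objectclass=group)(objectclass=organizationalUnit)"
                  "(&(objectclass=user)(!(objectclass=computer))))")
NO_EXCLUSION = "(|(objectclass=group)(objectclass=organizationalUnit)(objectclass=user))"

# Constructed sample entries; AD computer accounts also carry objectClass "user".
ENTRIES = {
    "cn=alice": ["top", "person", "organizationalPerson", "user"],
    "cn=WKSTN01": ["top", "person", "organizationalPerson", "user", "computer"],
    "cn=admins": ["top", "group"],
    "ou=Sales": ["top", "organizationalUnit"],
    "cn=vendor": ["top", "person", "organizationalPerson", "contact"],
}

def parse(s, i=0):
    """Parse one parenthesised filter at s[i]; return (node, index after it)."""
    if s[i] != "(":
        raise ValueError(f"expected '(' at offset {i}")
    i += 1
    if s[i] in "&|!":
        op, kids = s[i], []
        i += 1
        while s[i] == "(":
            kid, i = parse(s, i)
            kids.append(kid)
        if s[i] != ")" or not kids or (op == "!" and len(kids) != 1):
            raise ValueError(f"malformed '{op}' clause near offset {i}")
        return (op, kids), i + 1
    end = s.index(")", i)  # ValueError if the closing parenthesis is missing
    attr, sep, value = s[i:end].partition("=")
    if not sep:
        raise ValueError(f"expected attr=value near offset {i}")
    return ("=", attr.lower(), value.lower()), end + 1

def compile_filter(s):
    try:
        node, end = parse(s)
    except IndexError:
        raise ValueError("filter ends before its parentheses are balanced") from None
    if end != len(s):
        raise ValueError("unexpected text after the filter")
    return node

def matches(node, classes):
    """classes: lower-cased objectClass values of one entry."""
    if node[0] == "=":
        return node[1] == "objectclass" and node[2] in classes
    op, kids = node
    hits = [matches(k, classes) for k in kids]
    return all(hits) if op == "&" else any(hits) if op == "|" else not hits[0]

def selected(filter_text):
    node = compile_filter(filter_text)
    return [dn for dn, oc in ENTRIES.items() if matches(node, {c.lower() for c in oc})]
```

`selected(PROFILE_FILTER)` keeps the user, group and organizational unit, while `selected(NO_EXCLUSION)` also lets the computer account through.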

To verify whether synchronisation is happening properly, follow this link:
http://mkkoracleapps.blogspot.com/2013/07/how-to-check-ad-to-oid-synch-is.html














