My User ADMA sync rule does not delete target objects, but will create, modify, password sync, enable, disable, etc.
I am syncing users and a group from my primary forest one-way into what will be many customer forests. This will allow our engineers to be Admins for these customer forests with their passwords synced.
I morph my user objects in the outbound User sync rule to ensure that there will be no name collisions in any customer forest: Could this be the cause?
accountName+"-ACME"=>sAMAccountName
accountName=>msDS-cloudExtensionAttribute15 (existence test)
"CN="+aacountName+"ACME"+",OU=ACME Users,DC=LABForest1,DC=corp"=>dn (Initial flow Only)
displayName+" (ACME)"=>displayName
My sync rule Relationship Criteria is: accountName = sAMAccountName
On my primary inbound ADMA I have flow errors on the two deleted user accounts
- Error: extension-dll-exception.
- Sync step: export flow
- occurrences..
- Retry count: 33
- extension name: FunctionLibrary.dll
- extension rule: export flow
- extension context: <export-flow allows-null="true"><src><attr>displayName</attr></src><dest>displayName</dest><scoping></scoping><fn id="+" isCustomExpression="false"><arg>displayName</arg><arg>" (EdgeTG)"</arg></fn></export-flow>
- Destination MA: ADMA-LABForest1
- Destination Object: CN=TestUser2-ACME,OU=ACME Users,DC=LABForest1,DC=corp
- Mapping type: direct
- Data source attribute: sAMAccountName
Call Stack:
Microsoft.MetadirectoryServices.FunctionEvaluationException: Error encountered during evaluation of Sync Rule: 'LABForest1 User Outbound Sync Rule'. Details: Object reference not set to an instance of an object.
at Microsoft.MetadirectoryServices.FunctionLibrary.AttributeFlowMappingHandler.ExecuteOutboundTransformation(CSEntry csentry, MVEntry mventry, String strSyncRuleGuid, String xmlExpression, String workflowParameterTypes, String workflowParameterValues)
Thanks, Stu