I'm looking at an issue in our FIM - we have been using FIM for a number of years and it mostly works but we have a specific issue at the moment with a group of users. I'm very very new to FIM so excuse any terminology errors in the below.
We sync from "our_parent_company" reading AD objects from multiple domains into the MV. Then the flow creates mail enabled contacts in our own AD in a specific OU for email purposes using a second management agent.
A few users from "our_parent_company" have moved domains and/or changed their office addresses recently and we're not getting updates in our contacts folder in our AD for these users, we're not sure how many but it's probably in the 10's.
I have tried explicit disconnects from the MV for the objects but they don't re-provision even into the MV from the "import connector". New objects in our parent company AD provision OK in our contacts folder. The issue just seems to impact users at our parent company who have had something substantial changed about their AD account, ie, domain, or office address etc.
We're not seeing any sync errors for these users and can verify them as existing with the correct info in the remote AD as we have visibility.
Could it be related to the moved/changed objects having the same CN values so the explicit disconnect is causing them to be ignored? They wouldn't sync before we tried the explicit disconnect either but we're just trying what we know.
I've checked the attribute flow/attributes to check we're reading the correct values, but even if we weren't what would stop a changed AD object synching into the MV when new objects sync OK?
Many thanks
Andy
Andy CR