OID 11g DIP Does not Synchronize AD Deleted Objects when Using Editing Rule (cn=%,<DN/container>) in DomainRules of the Profile (Doc ID 1936819.1)

Last updated on MARCH 08, 2017

Applies to:

Oracle Internet Directory - Version 11.1.1 and later
Information in this document applies to any platform.

Symptoms

Oracle Internet Directory (OID) 11g is integrated with Microsoft (MS) Active Directory (AD) via a Directory Integration Platform (DIP) import synchronization profile.

Due to company requirements, both of the following Notes were implemented as solutions:

   How To Use A Non Administrator User For Connected Directory Account When Synchronizing AD - OID Document 464608.1

   Synchronizing Deletes from AD to OID Using a Search Filter Document 945212.1

However, deletes from AD to OID do not synchronize.

There are no relevant DIP log errors; the deletes are simply ignored during synchronization.

A suggestion to change all layers (AD, OID and DIP) to SSL mode 2 (server authentication), as per Document 1207673.1, was tried, but the same problem still occurs.

It was also noticed that the ldapsearch tool from the OID $ORACLE_HOME/bin, run directly against AD, does not return any entries from the AD Deleted Objects container even when using SSL, whereas a third-party ldapsearch tool is able to return the entries with the same filter over either non-SSL or SSL. For example:

  

Changes

 

Cause
