OID 11g DIP Does not Synchronize AD Deleted Objects when Using Editing Rule (cn=%,<DN/container>) in DomainRules of the Profile (Doc ID 1936819.1)

Last updated on FEBRUARY 06, 2019

Applies to:

Symptoms

Oracle Internet Directory (OID) 11g integrated with Microsoft (MS) Active Directory (AD) via Directory Integration Platform (DIP) import synchronization profile.

Due to company requirements, implemented both the following Notes as solutions:

   How To Use A Non Administrator User For Connected Directory Account When Synchronizing AD - OID Document 464608.1

   Synchronizing Deletes from AD to OID Using a Search Filter Document 945212.1

However, deletes from AD to OID do not synchronize.

No relevant DIP log errors; sync of deletes are just ignored.

Tried a suggestion to change all layers, AD, OID and DIP to SSL mode 2 (server authentication) as per Document 1207673.1, but the same problem still occurs.

Also noticed that the ldapsearch tool from OID $ORACLE_HOME/bin directly against AD does not return any entries from the AD Deleted Objects container even if using SSL, whereas a 3rd party ldapsearch tool is able to return the entries with the same filter with either non-ssl or ssl. For example:

Cause

My Oracle Support provides customers with access to over a million knowledge articles and a vibrant support community of peers and Oracle experts.