My Oracle Support Banner

DIP Fails to Sync OU and its Entries from MS AD to OID. DIP Log Shows no Errors on OUs , Debugged Log Shows: Required attributes not found <ATTRIBUTE_NAME> (Doc ID 1967632.1)

Last updated on SEPTEMBER 23, 2019

Applies to:

Oracle Internet Directory - Version 10.1.2 and later
Information in this document applies to any platform.

Symptoms

Oracle Internet Directory (OID) 11g and Directory Integration Platform (DIP) synchronizing from Microsoft (MS) Active Directory (AD) to OID.

Some users have been moved from one OU structure to another in AD, but OID has not synchronized those changes.

Also noticed that that OID structure does not match MS AD entirely.  Some of the entries, e.g. "OU=NEW_OU,DC=<COMPANY>,DC=com" are currently sync'd correctly, but not all of the OU's under it are.  For example, the OU with an old Distinguished Name of:
   ou=<OU1>,ou=<OLD_OU>,dc=<COMPANY>,dc=com
Was moved in MS AD to:
   OU=<OU1>,OU=<NEW_OU>,DC=<COMPANY>,DC=com
But this change did not sync to OID and the DN still exists in the old location in OID.

Already verified the AD profile does include OU on the searchfilter, e.g.:
   searchfilter=(|(objectclass=organizationalunit)(&(objectclass=user)(!(objectclass=computer))))

There are no OU related errors in the DIP wls_ods1-diagnostic.log file.



Cause

To view full details, sign in with your My Oracle Support account.

Don't have a My Oracle Support account? Click to get started!


In this Document
Symptoms
Cause
Solution


My Oracle Support provides customers with access to over a million knowledge articles and a vibrant support community of peers and Oracle experts.