When an Active Directory (AD) User Moves To A Different Container or Is Renamed, DIP Sync Creates a Duplicate User Record in OID (Doc ID 553567.1)

Last updated on APRIL 26, 2023

Applies to:

Symptoms

Moving or renaming users in Active Directory (AD) are creating new and duplicated user entries in Oracle Internet Directory (OID) by Directory Integration Platform (DIP).

For example, create a new AD user called "<USERNAME>" and let is sync or bootstrap into OID.

In AD, right-click on the user "<USERNAME>" and select "move," and move the user to a different container, which does exist in OID and is part of the domainrules mapping in the sync profile.

In OID now there are duplicate users for the same "<USERNAME>" user, i.e.

User in AD:
dn: CN=<USERNAME>,OU=<NEW_OU>,DC=<COMPANY>,DC=com

Corresponding users in OID:
(old entry) dn: cn=<USERNAME>,ou=<OLD_OU>,cn=users,dc=<COMPANY>,dc=com
(new entry) dn: cn=<USERNAME>,ou=<NEW_OU>,cn=users,dc=<COMPANY>,dc=com

The profile trace shows no error but includes the following "No value in entry..." message (in bold below):

However, already verified that the profile has the OID Matching Filter is properly set to orclobjectguid.

Or, another scenario, DIP sync creates a duplicate user with a different username, for example:

(old entry) dn: cn=<USERNAME@DOMAIN1>,ou=<OU>,cn=users,dc=<COMPANY>,dc=com
(new entry) dn: cn=<USERNAME@DOMAIN2>,ou=<OU>,cn=users,dc=<COMPANY>,dc=com

Changes

Cause

My Oracle Support provides customers with access to over a million knowledge articles and a vibrant support community of peers and Oracle experts.