How to Align / Realign / Change / Reset the DIP Server AD Synchronization Profile's Last Applied Change Number (LACN / orclodipConDirLastAppliedChgNum) When Changing the AD DC Server Host or IP Address (Doc ID 735248.1)

Last updated on JANUARY 30, 2024

Applies to:

Symptoms

DIP synchronization has been configured between OID  and Active Directory, and now the AD Domain Controller needs to be changed. For example, from server DomainController01 to server DomainController02 , a second server in a multi-master configuration, where:

• both servers are in the same Windows domain, and
• FQDNs of the servers are DomainController01.<DOMAIN_NAME> and DomainController02.<DOMAIN_NAME>

The highestCommittedUSN on the second server (DomainController02) is much lower than on the original server (DomainController01), due to the number of changes (usn) being different at the AD DC server level in the same Windows domain per the USN change approach theory in AD.

Because of this difference, the OID synchronization profile will not store any changes until the lower highestCommittedUSN catches up with the orclodipConDirLastAppliedChgNum in the profile.

Nevertheless, in the same Windows domain, objects (users, groups, etc.) are replicated between all AD DC servers.

This document describe how to re-align the highestCommittedUSN values in the profile in order to continue DIP synchronisation.

Observation:
To obtain highestCommittedUSN the following ldapsearch can be used:

Cause

My Oracle Support provides customers with access to over a million knowledge articles and a vibrant support community of peers and Oracle experts.