At a customer site we have an AD driver running including exchange
Syncing data and password works fine.
We have extended the schema on both eDirectory and Active Directory
without any problem.
However.. MS does not provide the tools to manipulate these attributes,
so whenever (mass) updates are nessecary on the AD we use LDAP or


When we change an attribute in AD, it will not sync to the Identity
Vault!!! From the trace we see some changes (add a value without
removing the old one or a remove-all). It will not display an error!!
After seeing the issue we remove the values from both eDirectory and
ADS, we put the value in by hand in the Identity Vault and everything
is synced again. Of course filter are set up properly (syncing both
ways) and there is no policy stopping modifies.

Is there a special parameter stopping new values to be picked up by the
shim (f.e. it is not in the changelog), do we need to try replace the
value by first removing the old one, or is something else wrong

many thx in advance

the network lives on patches, re-configurations and caffeine. one net,
one engineer, one coffee brand.
dvandermaas's Profile:
View this thread: