Unable to find employee after Active Directory synchronization

book

Article ID: 100010253

calendar_today

Updated On:

Description

Error Message

  • Synchronization status 
  • Job Log
  • CMDACrawler.log
  • Manual Deletion

 

Cause

  1. Employee can be rejected in following cases 
    1. UniqueID field is mapped to active directory attribute. There exists employees in employee list and active directory which do not have same principal login but have same unique id. E.g. Unique ID is mapped to "customAttr1" in active directory. An employee John exists in employee list with principal login as symc\john and unique id as "john1". In active directory, there exists an employee with principal login as symc\johnsmith and "customAttr1" as "john". During sync this case is identified as unique id conflict.
  2. Employee could be skipped in following cases - 
    1. Length of mapped attribute value in active directory is greater than max allowed length.
  3. End user has deleted an employee manually from employee list and if there is no change in that user's data in active directory, it won't be added to employee list by the incremental sync.

Resolution

Part 1 - Diagnose Issues in the Logs

Check the following logs to pinpoint the exact issue:

  • Synchronization status under System > Directory and Servers > Active Directory: shows number of rejected and skipped records.
  • Job Log: shows list of rejected records and its reason
  • CMADCrawler.log: shows details of skipped records with reason. User Guide has max allowed lengths for each of the employee attributes.
  • Manual Deletion: If there are no skipped/rejected records and still not able to find an employee, most probably that employee has been manually deleted by the user.


Part 2 - Resolution  

  • Rejected Record Issues
    1. Correct (make it unique) UniqueID either in Active Directory or in the Employee list
    2. Re-sync

 

  • Skipped Record Issues:
    1. Remove mapping of those Active Directory attributes, which have more than max allowed length, from employee attribute mapping page
    2. Re-Sync
    3. Correct attribute values in Active Directory
    4. Re-Sync

 

  • Manually deleted Entries
    1. Navigate to System > Support Features > Property Browser
    2. Configure esa.employeemanager.directory.sync.crawler.enablefullsync property to true
      1. Note: To enable incremental syncs again set this property to false. Incremental syncs are faster than full syncs.
    3. Re-sync

 

 

 

 

Issue/Introduction

Not able to find an employee in employee list after synchronization with Active directory. However that employee is available in active directory. Employee synchronization status shows skipped and rejected count greater than zero
Powered by Wolken Software