How to clear the "change cache" from an AD Driver (synchronizing changes from AD)

  • 3254435
  • 24-Dec-2007
  • 09-Aug-2019

Environment

Novell Identity Manager - Remote Loader
Novell Identity Manager 3.x
Novell Identity Manager 4.x
Microsoft Active Directory Driver

Situation

How do you clear the "change cache" on a Microsoft Active Directory (MAD) driver so that it stops sending all of the queued changes over to eDirectory? (AD to eDir)

Resolution

1. Stop the driver and save.
2. Using iManager, delete the DirXML-DriverStorage attribute from the Active Directory driver object. Verify that it has been deleted by re-opening the driver object.
3. Stop the Remote Loader.
4. Delete the C:\Novell\RemoteLoader\state_TREE_PATH_DRIVERSET_DRIVER.XML file for the driver whose change cache you want to clear. NOTE: The filename starts with state, contains the driver set and driver name, and has an .xml extension.
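The following PowerShell script is an added example for step 4 and is not part of the original article. It removes the Remote Loader state file for one driver after keeping a backup copy, and it refuses to run while the Remote Loader is still up (step 3). It assumes the Remote Loader is installed under C:\Novell\RemoteLoader, that its Windows executable is named dirxml_remote.exe, and that the driver name is the last component of the state file name, as the note above describes.

```powershell
# Added example (not the KB article's own procedure): back up and delete the
# Remote Loader state file for a single driver so its cached AD changes are discarded.
# Assumptions: install path C:\Novell\RemoteLoader, Remote Loader process name
# dirxml_remote, and state files named state_<TREE>_<PATH>_<DRIVERSET>_<DRIVER>.xml.
param(
    [Parameter(Mandatory = $true)][string]$DriverName,
    [string]$RemoteLoaderDir = 'C:\Novell\RemoteLoader'
)

# Step 3 must already be done: a running Remote Loader may rewrite the state
# file on shutdown, so refuse to touch it while the process exists.
if (Get-Process -Name 'dirxml_remote' -ErrorAction SilentlyContinue) {
    throw 'Remote Loader is still running; stop it before deleting the state file.'
}

# Match on the driver name at the end of the base name rather than hard-coding
# the tree, path and driver set portions of the file name.
$stateFiles = @(Get-ChildItem -Path $RemoteLoaderDir -Filter 'state_*.xml' |
    Where-Object { $_.BaseName -like "*_$DriverName" })

if ($stateFiles.Count -eq 0) {
    Write-Warning "No state file for driver '$DriverName' in $RemoteLoaderDir (cache may already be clear)."
    return
}
if ($stateFiles.Count -gt 1) {
    throw "More than one state file matched '$DriverName': $($stateFiles.Name -join ', ')"
}

$file = $stateFiles[0]
# Keep a timestamped copy so the cached events can be inspected or restored
# if the wrong driver was chosen.
$backup = Join-Path $RemoteLoaderDir ('{0}.{1:yyyyMMdd-HHmmss}.bak' -f $file.Name, (Get-Date))
Copy-Item -Path $file.FullName -Destination $backup
Remove-Item -Path $file.FullName
Write-Host "Deleted $($file.FullName); backup kept at $backup"

# Verify before the Remote Loader is restarted: nothing for this driver may remain.
$left = @(Get-ChildItem -Path $RemoteLoaderDir -Filter 'state_*.xml' |
    Where-Object { $_.BaseName -like "*_$DriverName" })
if ($left.Count -ne 0) {
    throw 'State file still present after delete.'
}
```

Run it as `.\Clear-RLState.ps1 -DriverName 'Active Directory'` from an elevated prompt on the Remote Loader host, after steps 1 to 3; the backup file lets you see what had been queued before you started the driver again.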


If you do not want old password changes in Active Directory to synchronize to eDirectory, configure the timeouts in the Active Directory driver properties. This functionality was added in Active Directory driver 4.0.0.0 or later, with the corresponding password filter in IDM 4.0.2 or later, so make sure you apply the current Active Directory driver update and the Remote Loader / password filter updates to your domain controllers.
5. Edit the properties of the Active Directory driver.
6. Under Driver Parameters, Access Options, set DC Passwords TimeToLive (minutes) to a value such as 30 or 60, so that any password change sitting in the Active Directory registry awaiting synchronization for longer than 30 or 60 minutes times out. Then save the changes to the driver properties.

7. Start the driver.
8. Start the Remote Loader.
You should not see it syncing any cached events from Microsoft Active Directory to eDirectory.

NOTE: The DirXML-DriverStorage attribute is a "per-replica" attribute, so you must delete it on the particular replica where the driver is running. To do this, when logging in to iManager, enter the IP address of the driver server in the tree name field instead of the tree name. iManager then deletes the attribute from the replica on the driver server.
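The same per-replica point can be made over LDAP, which is handy when iManager is not available. The PowerShell script below is an added example, not the article's own method: it binds to the driver server's address (rather than to the tree) with System.DirectoryServices.Protocols, reads DirXML-DriverStorage from that replica, deletes it, and re-reads to confirm, mirroring step 2's "re-open the driver object" check. It assumes eDirectory LDAP is enabled on the driver server on port 636, that the LDAP server writes to its local replica the way iManager does in the note above, and that the placeholder values for the server address, driver DN and admin DN are replaced with real ones.

```powershell
# Added example (not the KB article's own procedure): delete DirXML-DriverStorage
# on the replica held by the driver server by connecting to that server's address.
# Assumptions: LDAPS on port 636 is enabled on the driver server, the bind user is
# an eDirectory admin given as a full LDAP DN, and the two values below are
# placeholders replaced with real ones.
Add-Type -AssemblyName System.DirectoryServices.Protocols
$DriverServerIp = '192.0.2.10'                                    # placeholder
$DriverDn       = 'cn=Active Directory,cn=DriverSet,o=services'   # placeholder
$cred = Get-Credential -Message 'eDirectory admin as LDAP DN (e.g. cn=admin,o=services)'

# Bind to the driver server itself, not to the tree name: the attribute is
# per-replica, so only this server's copy matters.
$ident = New-Object System.DirectoryServices.Protocols.LdapDirectoryIdentifier($DriverServerIp, 636)
$conn  = New-Object System.DirectoryServices.Protocols.LdapConnection($ident, $cred.GetNetworkCredential(), 'Basic')
$conn.SessionOptions.SecureSocketLayer = $true
$conn.SessionOptions.ProtocolVersion   = 3
$conn.Bind()

# Read the attribute first so you can see what this replica currently holds.
$search = New-Object System.DirectoryServices.Protocols.SearchRequest($DriverDn, '(objectClass=*)', 'Base', 'DirXML-DriverStorage')
$entry  = $conn.SendRequest($search).Entries[0]
if (-not $entry.Attributes.Contains('DirXML-DriverStorage')) {
    Write-Host "No DirXML-DriverStorage on $DriverDn at $DriverServerIp; nothing to clear."
    return
}
Write-Host ("Replica on {0} holds {1} value(s); removing." -f $DriverServerIp, $entry.Attributes['DirXML-DriverStorage'].Count)

# A Delete modification with no values removes the whole attribute.
$mod = New-Object System.DirectoryServices.Protocols.DirectoryAttributeModification
$mod.Name      = 'DirXML-DriverStorage'
$mod.Operation = 'Delete'
$null = $conn.SendRequest((New-Object System.DirectoryServices.Protocols.ModifyRequest($DriverDn, $mod)))

# Re-read to confirm the deletion took effect on this replica.
$after = $conn.SendRequest($search).Entries[0]
if ($after.Attributes.Contains('DirXML-DriverStorage')) {
    throw 'DirXML-DriverStorage is still present on this replica.'
}
Write-Host "DirXML-DriverStorage removed from the replica on $DriverServerIp"
```

Run this only after the driver is stopped (step 1); the re-read at the end is the LDAP equivalent of re-opening the driver object in iManager to verify the attribute is gone.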

BONUS: How to clear the Active Directory driver cache on the eDirectory side (eDir to AD)
1. Disable the Active Directory driver and save.
2. Enable the Active Directory driver, check the box "Do not automatically synchronize the driver", then save. If you do not check "Do not automatically synchronize the driver", the driver does a complete resync of all objects that have an association to the Active Directory driver (from eDir to AD).

Change Log

2012-07-16 AB: Fixed errors and made steps valid to solve the problem reliably.