Changes not coming over from AD to eDirectory because of stuck state file

  • 7008183
  • 22-Mar-2011
  • 26-Apr-2012

Environment

Novell Identity Manager Driver - Active Directory

Situation

The driver is not picking up any changes made in AD.  Making a change in AD does not cause anything to show in the trace.  Passwords still come across for already associated users, but modifies do not.

Resolution

This was caused by the driver storage attribute on the driver or the state*.xml file being corrupt.  This attribute and file determine what changes need to be synced from AD to eDirectory.  The state*.xml file is like the *.tao file on the engine side.  Normally you can fix the problem with the following steps:
- Stop the driver and the Remote Loader instance.
- Delete the state file.  By default this file is found in the c:\Novell\RemoteLoader directory.  The name of the file is state_(fully distinguished name of driver).xml
- Delete the driver storage attribute on the driver.  In iManager go to the properties of the driver.  Click on the General tab.  In the 'Valued Attributes' column, highlight the DirXML-DriverStorage attribute and click on the Delete button.
- Restart the Remote Loader instance and then restart the driver.
At that point any new changes made in AD should be picked up by the driver.  Changes made in AD before that point will not sync over on their own.  A sync of the driver will pick up any lost modifies.  You can specify the date going back to when the problem first happened so that you do not sync all the users.  For any new users in AD that were missed, you can either go back and migrate all the users over or just modify those new users.
 
In some rare cases the users still do not come over.  In this case you do the same steps but with this one change.  Instead of deleting the DirXML-DriverStorage attribute, do the following:
- Edit the attribute and change the state value to something else.  The part of the attribute to change is the part between the <cookie>...</cookie> tags.  You can change the last letter or number in the string to a different value.
- When you start the driver make sure that you have trace turned on and only allow one event over from AD.  Then stop the driver.  Note what the change was in the driver trace in case you need to undo it.  If you leave the driver running, it will do a complete re-sync from AD.  This is because the driver saw the attribute value as invalid and will try to do a full sync from AD.
- Now delete the DirXML-DriverStorage attribute and the state file again.
- Restart the driver and it should start picking up new changes in AD.
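
The cookie edit in the rare-case steps above can be prepared outside iManager. The following is an added example, not Novell's code: it takes a DirXML-DriverStorage value copied out as text, changes the last letter or number inside <cookie>...</cookie>, and returns the original cookie so the change can be undone. The <state> wrapper and the sample cookie are constructed assumptions; a real value will differ.

```python
import re

# Matches the text between <cookie> and </cookie>, as described in the article.
COOKIE_RE = re.compile(r"(<cookie>)(.*?)(</cookie>)", re.DOTALL)


def _different_char(ch):
    """Return another character of the same kind (digit, lower, upper)."""
    if ch.isdigit():
        return "0" if ch != "0" else "1"
    if ch.islower():
        return "a" if ch != "a" else "b"
    return "A" if ch != "A" else "B"


def invalidate_cookie(storage_value):
    """Change the last letter or number of the cookie in a driver storage value.

    Returns (new_value, original_cookie, new_cookie) so the edit can be undone
    by hand. Raises ValueError unless exactly one usable cookie is present.
    """
    matches = COOKIE_RE.findall(storage_value)
    if len(matches) != 1:
        raise ValueError("expected exactly one <cookie> element, found %d" % len(matches))
    cookie = matches[0][1]
    # Walk back from the end to the last ASCII letter or digit, skipping
    # any trailing characters (such as padding) that are neither.
    for i in range(len(cookie) - 1, -1, -1):
        ch = cookie[i]
        if ch.isascii() and ch.isalnum():
            new_cookie = cookie[:i] + _different_char(ch) + cookie[i + 1:]
            break
    else:
        raise ValueError("cookie contains no letter or number to change")
    new_value = COOKIE_RE.sub(
        lambda m: m.group(1) + new_cookie + m.group(3), storage_value, count=1)
    return new_value, cookie, new_cookie


# Constructed sample value; a real DirXML-DriverStorage value will differ.
SAMPLE = "<state><cookie>QUJDREVGR0g3OQ==</cookie></state>"

if __name__ == "__main__":
    new_value, old, new = invalidate_cookie(SAMPLE)
    print("original cookie (keep for undo):", old)
    print("modified cookie:", new)
    print(new_value)
```

Keep the printed original cookie alongside the driver trace notes until the attribute and state file have been deleted in the final steps.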