Transporter for Domino - deleted AD/Exchange accounts not being removed from Domino directory during directory sync?
- I'm running Exchange 2007 (version 8.1 Build 240.6) with the Transporter Suite for Lotus Domino Version: 08.02.0126.000 and Domino 6.5.5. They share a common name space (xyz.com). I have successfully configured both a Directory Connector and a FreeBusy Connector. The directory connector is configured to synchronize AD Exchange accounts to an address book called exchange.nsf. I pull Domino contacts from names.nsf and place them in their own OU. I have the Notes 7.0.2 client on the Exchange server with the connector.
My problem is that when an AD/Exchange user is removed from the system, the corresponding entry in the exchange.nsf address book never gets deleted. The connector is configured to run hourly. I have bumped up logging to high and do not see any errors. I can't figure out why. The Notes id being used has manager access to the database. I'm not sure where to go from here. Any help would be greatly appreciated.
Thanks,
David
All Replies
- Is anything else modifying the entries in exchange.nsf, I had a similar issue at a client because the admins kept modifying the documents in exchange.nsf. Once they stopped modifying them the sync process was able to create/modify/delete the entries without any issues.
Thanks
Will
Will Shepherd - MCSE/MCITP/MCTS (Windows 2008,Exchange 2007,OCS 2007) - No. Nothing is modifing the doc. No agents. If I check the document properties it shows that the Transporter account made the last change. If I make a modification on the AD side (like change the email address), the modification comes over with no problem. I tuned on full logging and there are no errors showing up in the log. It does not seem to be an access issue. The account has manager access to the Domino address book. I'm lost.
- Why not give full access to the account at the Lotus side, and check if there is not another permission conflict that maybe denying deletion task. are you sure logging on transporter is set to high.
Capecol
MCSA - MCTS Exchange Server 2007 The Notes ID does have full (Manager Access) to the address book. And "Yes", I am sure I have the logging set to high. (output below).
My last test I added a test account. Allowed the Directory Sync service do its thing. The account was added to the Domino address book. I then modified the email address in AD. The modification sync'd to the Domino address book. No problem there. I then disabled email for the account. This removes the mailbox and Exchange attributes. The account never got deleted on the Domino side (I waited 24 hours). (Sync is scheduled hourly). I then did a manual FULL sync from the Transporter console. This worked. The test account got deleted. But I still have an older entry that did not get removed. Why does a manual full sync work to remove the entry but the service does not? I have configured the service to use the same credentials as I'm using to run the manual sync to eliminate a permissions issue. I still see no errors in the log.
UPDATE: Just added the mailbox back to the test account. Directory sync created new entry in Domino.
I then waited 2 hours and deleted the mailbox and user account in AD. 45 minutes later Directory sync ran and it reported 0 updates. Domino record is still there.
PS C:\Documents and Settings\dlsadmin> Get-TransporterEventLogLevelIdentity Level Application Category
-------- ----- ----------- --------
DominoDirectoryC... High DominoDirectoryC... Service
DominoDirectoryC... High DominoDirectoryC... Controller
DominoDirectoryC... High DominoDirectoryC... DirSync
DominoFreeBusyCo... Low DominoFreeBusyCo... RequestToPartner
DominoFreeBusyCo... Low DominoFreeBusyCo... Connection
DominoFreeBusyCo... Low DominoFreeBusyCo... General
