The directory service can perform the requested operation only on a leaf object

Toate mesajele

• 26 aprilie 2012 03:43

   

   
  

  0

  There is not a setting to do that. The FIM Sync engine will not delete objects that are containers of other objects.

  ---

  David Lundell, Get your copy of FIM Best Practices Volume 1 http://blog.ilmbestpractices.com/2010/08/book-is-here-fim-best-practices-volume.html

  • Mesaj
  • Citare

   
• 26 aprilie 2012 04:03

   

   
  

  0

  Take a look at http://social.technet.microsoft.com/Forums/en-US/identitylifecyclemanager/thread/2aab3c69-63eb-40a8-af3b-b658d874158b for some discussion on deleting containers.

  Also another thread hinting that perhaps FIM can delete empty containers:

  http://social.technet.microsoft.com/Forums/en/ilm2/thread/99fa4123-cb3a-46ea-859b-3debda37e3f5

  ---

  David Lundell, Get your copy of FIM Best Practices Volume 1 http://blog.ilmbestpractices.com/2010/08/book-is-here-fim-best-practices-volume.html

  • Mesaj
  • Citare

   
• 26 aprilie 2012 20:08

   

   
  

  0

  An empty container is a leaf object, so FIM should have no trouble deleting it in AD.

  Due to the vagaries of detecting and removing child objects of a user or computer object, I advise moving those objects instead to "OU=Pending Delete" or the like, and then periodically review and remove them via script w/ the LDAP subtree delete control.

  • Mesaj
  • Citare

   
• 30 aprilie 2012 17:17

   

   
  

  0

  We have the same issue. I posted it in this thread => http://social.technet.microsoft.com/Forums/en-US/ilm2/thread/4b77100e-d195-4a46-a1ce-58cbf65ccf38

  You can implement some manual work arounds (such as flagging an attribute to later be deleted by a script, or deleting them yourself). I believe they are working on this to be fixed with the next hotfix in FIM 2010 R2??

   

  • Mesaj
  • Citare