none
FIM modified whenChanged AD attribute every full sync RRS feed

  • Question

  • Hi!

    We have MIM and we are export users from HR DB to Active Directory. After FIM Full sync, every day, all AD users attribute whenChanged (and modifiedTimestamp) has been modified with actual date, even if attrubute no changed. This is trouble, because I need export changed users with custom script.

    Why whenChanged attributes modified? how protect it from modify if has no changes in FIM?

    Thursday, January 25, 2018 7:01 AM

Answers

  • An AD user object will change its whenChanged attribute when the object is modified.  You should see any updates in the Operations tool of the FIM Synchronization Service Manager.  You can also use the repadmin commandline tool to look at AD and determine which attributes are being changed to update the whenChanged as shown below.  You can then troubleshoot from there.

    • Marked as answer by Marsel_Il Friday, January 26, 2018 11:24 AM
    Thursday, January 25, 2018 5:20 PM

All replies

  • An AD user object will change its whenChanged attribute when the object is modified.  You should see any updates in the Operations tool of the FIM Synchronization Service Manager.  You can also use the repadmin commandline tool to look at AD and determine which attributes are being changed to update the whenChanged as shown below.  You can then troubleshoot from there.

    • Marked as answer by Marsel_Il Friday, January 26, 2018 11:24 AM
    Thursday, January 25, 2018 5:20 PM
  • Great! I find problem with this commands, my pwdLastChange synced and unicodePwd is not setted to Initial Only. Thanks!
    Friday, January 26, 2018 11:26 AM