none
MIM 2016 deprovisioning OU's RRS feed

  • Question

  • Hi

    i'm using MIM 2016 synchronization service without portal. I can provision users and groups from domain A to domain B. If a user ou is missing in domain B the synchronization task creates them. If i delete the user ou with the user in domain A the synchronization task will only delete the user - not the ou? Why is that happen and how can i get a clean synchronization.

    Kind regards

    derhoeppi

    Thursday, December 22, 2016 10:54 AM

All replies

  • This is the expected behavior. The hierarchy provisioning that you're using doesn't also do deprovisioning.

    Thanks,
    Brian

    Consulting | Blog | AD Book

    Friday, December 23, 2016 5:12 AM
    Moderator
  • Hi Brian,

    should it be that i have no option within synchronization service to deprovision an empty ou? Where is the diffrence to an user or group object? I synchronize (one way) from another domain an would an 1:1 sync.

    Friday, December 23, 2016 4:39 PM
  • You would need to bring all of your OUs in to MIM and have provisioning code (or sync rules) trigger deprovisioning of the OUs.

    Thanks,
    Brian

    Consulting | Blog | AD Book

    Friday, December 23, 2016 4:40 PM
    Moderator
  • Hi Brian,

    thanks for your hint. I added some lines to my provisioning code. Now i'm able to provision new OU's´on my target MA. If i delete an OU in my source MA then i could delete them in my target MA - function works. But i need one delta import with source MA and then two times delta sync on source MA and export on target MA in change.

    Thats because the OU is at the first time not empty. But with the same time (export on target MA) i will delete the  content of those OU. Is there a way to force the deletion if i would do so? 

    Saturday, December 24, 2016 1:44 PM