Hi, I have a new AD driver on a vault tree, connected to a new AD. It is
a fairly stock configuration and I have done many AD drivers in the past
with no issues. On this deployment I am having issues with the sync of
Group memberships to AD. I can migrate the Groups over to AD without any
issue (which are in a separate OU from the users), and the associations
appear all correct. When I try and migrate users over to AD the users do
not get created, remain in a Migrate state, and the AD subscriber
channel log throws: -Error <status level="error">Code(-9145) Error in
: Unable to determine target object for action
The driver config was done from the template in Designer, and has a few
minor mods such as Changing Deletes to Remove Association on the
Publisher Channel, Vetoing anything for 2 unneeded OUs on the
Subscriber channel, but is otherwise stock Designer template AD driver
config. If I disable the NOVLADDCFG-sub-ctp-GroupMemberResolution
policy, the users get created in AD, but the other thing is that they
get created and are disabled, which then the disable syncs back through
the publisher channel all the way back to the edir production tree. IDM
is V4.0.2.6, AD Driver is, Windows 2008 R2. Any assistance on
this would be great as I have not been able to track down this issue.
Mark Currie

mcurrie's Profile: https://forums.netiq.com/member.php?userid=2014
View this thread: https://forums.netiq.com/showthread.php?t=52363