FYI: sbadmcl to fix "...change attribute older than current users: Ignoring other changes"
I recently worked through an issue with encryption and the synchronization from active directory. I was getting errors in the MEE connector logs: "...change attribute older than current users: Ignoring other changes"
Seems some user attribute(s) were no replicating via connector. Troubleshooting revealed that after our recent AD upgrade the issue began, I had previously pointed the AD Connector to our new DC...
Thank to this forum, I looked at "uSNChanged” value, which wasn't replicated between old and new DCs. The “uSNChanged” value being higher in MEE than in AD would cause the connector job to ignore changes as was indicated in the connector logs. To verify, I manually edited the MEE User attributes “SbAdCon0.changes” to “0” for an individual account, the connector log (and MEE DB) indicate updated user attributes... yay.
So it seems that my issue was due to attributes in MEE being interpreted by MEE connector query (sBAdCon0.changes) as newer than that which is in AD within the “uSNChanged” field, therefore not updating…
Worked out a fix which seems to be working in test… scripting a two part fix to the MEE database using sbadmcl.exe
Step1: (The following will change the connector reference)
Thought I'd share my experience, since this forum has helped me in the past... and that the documentation (scripting tool guide) lists the -command:ChangeBindingname incorrectly as -command:changebinding which threw me for a loop.
Don't forget, when your helpful posts earn a kudos or get accepted as a solution you can unlock perks and badges. Those aren't the only badges, either. How many can you collect? Click here to learn more.
Community Help Hub
New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.