Active Directory Sync

Similar Messages

• Cannot install Windows Azure Active Directory Sync tool on Server 2012 w/ SQL Server 2012

  I went to change a user password on the server today and after changing the password I logged into the SQL server to run “Import-module dirsync” & “Start-onlinecoexistencesync” in powershell in order to sync the new password with Exchange Online. After
  waiting ten minutes I tried setting up the email on the user’s PC but the new password was not being accepted. I logged into Office 365 and I got the following warning.
  "Warning: Last synced more than 3 days ago | Troubleshoot"
  So I pressed troubleshoot and the site installed a tool on the server to try and find out what the issue was. After the tool ran it told me that the version of dirsync.exe was out of date and that I should download the new one and install it. So I downloaded
  the new dirsync.exe (version 7020 I believe) and tried installing it. I kept getting error after error, different ones to boot.
  First it told me I wasn’t part of the FIMSyncAdmins group (so I added myself), then it told me that it could not connect to MIIS server,  so I tried starting it and windows said that there was a problem with the sign on used by the service so I had
  to reset the password for the local user named “AAD_bfd1d6f0cef7” which was being used by that service. The service started successfully and when I went to install it told me I could not and if the problem persisted I should uninstall the old version and reinstall.
  Looking in the log file, before I even install the software I see the following Information...
  Level: Information
  Date: 2015-03-24 12:49:17 PM
  Source: Directory Synchronization
  Event ID: 0
  Task Category: None
  "The current configuration of the Windows Azure Active Directory Sync tool is invalid. Please reinstall the Windows Azure Active Directory Sync tool."
  So I tried to reinstall (i even manually uninstalled the old version and removed the folder in C:\Program Files\ called "Windows Azure Active Directory Sync") and on reinstall I get as far as "Installing Components" and then after a little
  while it errors out with the error "The install was unable to setup a required component. Check the event logs for more information. Please try the installation again and if the error persists, contact Technical Support. "
  Looking at the log file there are a bunch of new entries, created by the installer. There's over 300 new entries and I can not post them all here due to character count restriction. you can find the log file here...
  www.clarkfreightways.com/wp-content/uploads/2015/03/dirsync_log.txt
  Can anyone tell me what is going on, I've been looking through the log files and I can see errors but I'm not sure what to do to fix it.

  Greetings!
  Wanted to know if you've hosted the DirSync tool (latest version) on a VM? Also, if this is deployed in a Production or Lab environment? If it's a lab setup, you may
  try installing the DirSync on a new VM / Server (suspecting that it could be some machine related issues).
  Here's a Support KB helping with different errors:
  http://support.microsoft.com/en-us/kb/2684395
  If its a production environment, would suggest to raise a
  Technical Support Ticket for assisting further with break-fix.
  Thank you,
  Arvind 

• Windows Azure Active Directory Sync Setup

  Hi,
  Currently trying to install Windows Azure Active Directory Sync tool for use with Office 365.
  After five attempts to install the Sync Tool, I finally had some luck, now I am configuring the Sync tool and have been given the following error "A constraint violation occurred"
  In looking at the event logs this is the information I get:
  System.Management.Automation.CmdletInvocationException: A constraint violation occurred. ---> System.DirectoryServices.DirectoryServicesCOMException: A constraint violation occurred. at System.DirectoryServices.DirectoryEntry.CommitChanges() at Microsoft.Online.DirSync.Common.DirectoryServicesAdapter.DirectoryEntry.CommitChanges()
  at Microsoft.Online.Coexistence.PS.Config.EnableMSOnlineRichCoexistence.GrantWritePropertyPermission(SecurityIdentifier securityIdentifier, String groupDn) at Microsoft.Online.Coexistence.PS.Config.MSOnlineRichCoexistenceBase.GrantPermission(Action`2 grantPermissionAction)
  at Microsoft.Online.Coexistence.PS.Config.EnableMSOnlineRichCoexistence.InternalBeginProcessing() at Microsoft.Online.Coexistence.PS.Config.MSOnlineConfigCmdlet.BeginProcessing() at System.Management.Automation.Cmdlet.DoBeginProcessing() at System.Management.Automation.CommandProcessorBase.DoBegin()
  --- End of inner exception stack trace --- at System.Management.Automation.Runspaces.PipelineBase.Invoke(IEnumerable input) at Microsoft.Online.DirSync.PowerShellAdapter.PowerShellCommand.ExecuteCommand(Command command, Boolean refreshPath)
  Suggestions?
  Thanks

  Hi,
  According to your description, it seems that you have installed Azure Active Directory Sync tool successfully, right? What configuration have you done when you got that error message?
  Firstly, I recommend you to check the event logs for more detailed information about this issue.
  In general, it is recommended to install the Directory Sync tool on a member server rather than a Domain Controller. If you installed Azure Active Directory Sync Tool on a Domain Controller, please uncheck “Start Configuration Wizard now”
  checkbox and then log off and log in again to configure the Azure Active Directory Sync Tool Configuration Wizard. If you forget to follow the above process, the Configuration Wizard will return an error "Constraint Violation Error".
  Besides, please also check the permission of the system account. You can add it into the built-in Administrators group in your on-premise domain to see if the issue persists.
  More information:
  HowTo: Install the Windows Azure Active Directory Sync Tool
  Best regards,
  Susie

• Connect Active Directory Sync Error - operation-size-error

  We are on Connect 9. We have our Active Directory Sync running once per day. I received a sync log error as follows:
  E-Learning-All-Empl-grps
  G
  error
  Change$Update$Group: SyncTargetException: StatusException$OperationSizeError: <status code="operation-size-error"/>
  The E-Learning-All-Empl-grps is a distribution list in Active Driectory that is used to contain one of 9 sublists. Each sub-list has up to 800 names. This was to get around an earlier issue with their being a limitation when we are on Breeze that only a max of 800 names could be in any group.
  What does this error mean and how can I correct this?
  Dave

  I tried all of this, I still can not bind my Mac 10.6.3 to Microsoft Windows 2003 R2 Active Directory, and the failure I receive that Time settings between both computers is not synced although the time is the same on both machines, and I restart the NNTP on Windows Server, and added the Active Directory IP Address on the Date & time Settings on Mac.
  Any Help

• Exchange and EOP and "Windows Azure Active Directory Sync tool".

  Hi,
  Since we are using our on-premises Exchange server and Microsoft EOP only for spam filter, and
  we are not using the EOP created domain "XXXX.onmicrosoft.com" for anything.
  Technically speaking, do we require
  "Windows Azure Active Directory Sync tool" to be installed and synchronizing all our AD to the EOP!
  Thanks,

  The Windows Azure Active Directory Sync Tool allows you to filter mail in EOP for nonexistent recipients.  This is a pretty useful antispam feature that you'll be forgoing if you choose not to deploy the tool.
  Ed Crowley MVP "There are seldom good technological solutions to behavioral problems."

• Does EOP for in house accounts require Active Directory Sync?

  Is it just me, or is the documentation on Office 365 filled with contradictions and not written in a way that's understandable, even for seasoned IT pros?
  In short, does EOP require Active Directory to use non cloud accounts?
  I'm having a problem with spam on a NON Active Directory integrated mail server.  Nowhere in any online documentation that I found (about 10 hours of googling) says that AD is required to implement EOP.
   To the contrary:
  See here: http://technet.microsoft.com/en-us/library/jj871669(v=exchg.150).aspx
  Q. Does the service work with legacy Exchange versions (such as Exchange Server 2010) and non-Exchange environments?
  A. Yes, the service is server agnostic and can be used with any SMTP mail transfer agent.
  But when I attempt to use EOP with my office 365 accounts, with local email (not exchange online), my mail is bounced because the accounts aren't found.  If I create exchange accounts, mail doesn't come to my local server, it stays at exchange online.
  Am I missing something?

  Hi,
  changing the domain type to Relay disables the edge blocking feature where e-mails to invalid users are blocked by EOP. In my eyes this is a very important feature so you should use one of the following ways to have the valid recipients in EOP:
  http://technet.microsoft.com/en-us/library/dn636911(v=exchg.150).aspx
  Greetings
  Christian
  Christian Groebner MVP Forefront

• Bulk Uploading of New Users without Active Directory Sync. Possible?

  Hello,
  WithOUT Active Directory synchronization, is it possible to do a bulk upload of 100+ users onto Project Server 2013 (Online)?  If so, how?
  In addition, can these new users be setup to default with “User can be assigned as a resource"? 
  Thanks in advance,
  \Spiro Theopoulos PMP, MCITP. Montreal, QC (Canada)

  Hi,
  it is possible, but not completely.
  If you select at least one resource in Resource Center and click "Open", this resource is opened for editing in client. At this place, you can add your new resources with all fields (and Default Booking Type), e.g. with copy/paste from some other
  source. They are added as resources. However, editing column "User Logon Account" is disabled, so you can't add this information in client. You need to do this afterwards from Resource Center for each single resource.
  And yes - I agree: This is very inconvinient!
  Regards
  Barbara
  To increase the value of this forum, please mark the replies that helped to solve your issue as answer. If you find answers to questions from other forum participants to be helpful, please mark them as helpful. Your participation will help others to find
  an appropriate solution faster. Thanks for your support!

• Configuration Help - Sun Java Directory 5.2 and Active Directory Sync

  Don't know what I am skipping... but I get stuck with no Domain Controllers showing up in the pick list, when configuring an Active Directory Resource.
  I am using DS 5.2.P4 on Windows 2003 Sp1 server, along with Indentity synchronization for windows (ISW) 1 2004Q3 SP1.
  I have the installtion manaul and can not get past step 6 of creating an Active Directory Source, becuase no Domain Conroller show up in the pick list, nor can I specify one. I have verified that one of the Domain Controllers is configured as Single Master Operations Role in the AD.
  Any help on this matter would be greatly appreciated.
  Thanks,

  nebiyou1 wrote:
  1. Is Messaging Server 5.2 compatible with Sun Java Directory Server 6.3?This is obviously not a tested (or supported) combination. That being said I'm not aware of any particular issues with MS5.2 and DS6.3.
  If Yes, any documents on how to migrate Messaging Server from pointing to Directory Server 5.2 to 6.3?No.
  2. Can Messaging Server 5.2 p 2 run on Solaris 10?Yes. However you need to upgrade to 5.2hf2.18 (last hotfix released) to address known Solaris 10 issues e.g.
  5108758 Dispatcher incorrectly determines Solaris 10 version
  You can get a copy of iMS5.2hf2.18 from Sun support.
  Regards,
  Shane.

• CUCM 10.0.1.10000-24 Active Directory Sync - Directory URI cleared after sync

  Hi,
  I would like to know if it is intended or bug when AD sync is performed each time it clears Directory URI field even I have selected it in mapping to <None>.
  Because I have different domain for Jabber URI dialing than email domain I need to fill it up manually, but performing sync other data from AD.
  Thanks

  isn't there any workaround how to sync users from LDAP but have Directory URI for user set manually?
  I need to set it up due IM and Presence as I have domain in email format for Lync Server 2013 and now I need another domain for CUCM and IM and Presence as it couldn't coexist on same domain. Or it could?

• Project Online - Active Directory Sync runs automatically

  Hi,
  Once configured the AD sync in Project Online, I want to know if it will occur automatically when the AD group is upgraded, or if it is necessary to enter the PWA and perform manually.
  My synchronization occurs with a security group of Office 365.
  Is there a way to schedule this process?
  Thanks.
  Emmanuel BC

  Hello,
  There is a PSI method you run the AD sync:
  http://msdn.microsoft.com/en-us/library/gg225862(v=office.15).aspx
  If this was on-prem you could easily call this using PowerShell but that would be a little more difficult for Project Online. You can access the PSI is Project Online but you have to work out how to authenticate against Project Online PSI. You can do this
  in code quite easily so it is possible but I have not tried in PowerShell.
  Paul
  Paul Mather | Twitter |
  http://pwmather.wordpress.com | CPS

• Unable to install Directory Sync tool in windows server 2008 R2 Eneterprise

  Hi,
  I am unable to install Directory Sync  in windows server 2008 R2 Eneterprise.i have joined my machine domain joined computer running Windows Server 2008 r2 enterprise,when i click dirsync.exe then gives below Error.
  The Windows Azure Active Directory Sync tool must be installed on a domain joined computer running Windows Server 2008 Service Pack 2 or later,or Windows Server 2008 r2 Service Pack 1 or later
  Please help on this why this happing when i try to installed DirSync software.
  Regards
  Anil Kumar

  Hi,
  have you already installed .net framwork 3.5 and 4.5.1 on that machine?
  http://technet.microsoft.com/en-us/library/jj151831.aspx
  Also make sure that you run the install command from an elevated command prompt.
  Hope that helps,
  Lutz

• Reinstalling AD Directory Sync

  I started seeing a lot of sync errors in on my ADFS server with Directory Sync installed. At first I thought it was due to an expired password, which I reset. However, when I went to update the credentials in the Sync Tool, it was throwing errors (argument
  cannot be null), and would not get past the service account credentials. I am now trying to reinstall the directory sync tool but the event logs indicate a problem installing SQL Express. Which I've in
  1)Database 3 cannot be autostarted during server shutdown or startup.
  2)The SQL Server Network Interface library could not deregister the Service Principal Name (SPN) [ MSSQLSvc/ADFSServer.domain.com:MSONLINE ] for the SQL Server service. Error: 0x200b, state: 15. Administrator should deregister this SPN manually to avoid
  client authentication errors.
  3)Microsoft SQL Express install returned error code -2068119551.
  4)Failed to uninstall the synchronization service. Error code:Could not find C:\Program Files\Windows Azure Active Directory Sync\Microsoft.Online.DirSync.Scheduler.exe. Please uninstall and reinstall the Windows Azure Active Directory Sync tool. Log off
  and back in and then run the uninstallation again. If the error persists, contact Technical Support.
  5)A network-related or instance-specific error occurred while establishing a connection to SQL Server. The server was not found or was not accessible. Verify that the instance name is correct and that SQL Server is configured to allow remote connections.
  (provider: SQL Network Interfaces, error: 26 - Error Locating Server/Instance Specified).
  Any thought on how to get this reinstalled and my sync going again?

  only those objects you wish to sync
  Mike Crowley | MVP
  My Blog --
  Planet Technologies

• Is it possible to switch from Office 365 online user management to Active Directory after Exchange online migration?

  If we utilize the Cutover method to migrate from on-premise Exchange (2007) to Office 365, which to my understanding will hand over user management/authentication to Office 365 online during the process, is possible to later switch from Office 365 user management
  to Active Directory (synced to a future local domain, or even possibly via AD federation single sign-on)? If so, how difficult is this process and is there any documentation available?
  Asking this because the organization  I'm working for plans to upgrade (re-do actually) its entire infrastructure. There will be a completely brand new domain/AD set up that's totally unrelated to the old one. At the same time, we also plan to migrate
  all emails (previously hosted locally on Exchange 2007) to Office 365 and get rid of local exchange. Now because we will set up new domain, we do not want to carry over the older AD to the cloud, hence we will not use the "Staged Migration". 
  So the plan is to to use "Cutover" migration first, which means all authentications will become Office 365 managed. That's fine for now. But later, after we set up our new domain and AD controller etc, we'd like to have Exchange Online switch back
  to syncing with our new on-premise AD. We'd also like to consider the AD Federation Services if it's not too complicated to set up.
  Your advice on this would be greatly appreciated!

  In principle, you cannot sync back from the cloud AD to the on-prem, yet. But you can take advantage of the soft-matching mechanism once you have the new AD in place:
  http://support.microsoft.com/kb/2641663
  Be careful though, as the moment you turn on Dirsync, all the matching users in the cloud will have their attributes overwritten. A very good idea is to do an 'export' of the cloud AD first, using the WAAD module for PowerShell and the Get-MsolUser cmdlets,
  which you can then use to compare or import data in the new on-prem AD. Some links:
  http://technet.microsoft.com/en-us/library/hh974317.aspx
  http://msdn.microsoft.com/en-us/library/azure/dn194133.aspx

• Active Directory Enterprise Resource Pool Synchronization

  I'm running in to an issue with Project Server 2013 that has me pulling my hair out.  A co-worker and I switched it over from SharePoint Permissions Mode to Project Permissions Mode and are trying to set up AD Enterprise Resource Pool synchronization. 
  I go in to Server Settings --> Operational Policies --> AD Resource Pool Synch and try to add 1 to 5 groups.  The groups resolve (actually autocomplete) and appear correctly.  If iclick Save or Save & Synchronize Now, nothing happens. 
  No page refresh, no redirect, etc.  If I go in to Security Settings --> Manage Groups, I can edit one of the built-in PWA groups and add the AD group, click save, and get redirected back to Server Settings.  But then going back in to the newly
  edited group, the AD Group field is empty; and on the Manage Groups page the "Active Directory Group" and  "Last Sync" columns are empty.
  I would chalk this up to an AD issue, but I have no problem using the same account to add an individual user as an Enterprise Resource and tie it to an AD account, so I can only assume that this account has all of the permissions required for AD and it can
  query and resolve fine.  Does anyone have any idea what could be going on, or possibly some step I might have missed when setting this up?
  Thanks in advance.

  I know it looks like a different issue, but that is the only thing logged in ULS regarding Project Server at the time of trying to do the sync.  If it helps, I can provide another log and see if something else comes up, but I did watch the ULS Viewer
  at the time and the same errors kept popping up when trying to do the sync.
  Also, the "other environment" is just a second instance of PWA on the same SharePoint farm, so it's not a separate environment completely.  Using the same AD groups, so there shouldn't be any discrepancies.  It's not the best test I know,
  but I'm still in the middle of setting up an AD test environment and trying it from there, just to see if it's an issue with my SharePoint installation or PWA installation.
  Edit:
  Here's a full verbose log:
  09/11/2013 10:31:49.19    w3wp.exe (0x3BE0)    0x0DDC    Project Server    Security    agsdb    Verbose    PWA:http://portal2013/PWA, ServiceApp:Project
  Server Service Application, User:i:0#.w|*****\sharepointfarmsvc, PSI: Calling license check now; Thread.CurrentPrincipal.Identity.Name = 0#.w|*****\sharepointfarmsvc, Context.Username = i:0#.w|*****\sharepointfarmsvc, LogLevelManager Warning-ulsID:0x001920C1
  has no entities explicitly specified.    c4f9419c-7789-a0b9-3d4a-941ceb42b25f
  09/11/2013 10:31:49.19    w3wp.exe (0x3BE0)    0x0DDC    Project Server    Security    agsdc    Verbose    PWA:http://portal2013/PWA, ServiceApp:Project
  Server Service Application, User:i:0#.w|*****\sharepointfarmsvc, PSI: License check for BusinessObject method Admin.GetActiveDirectorySyncEnterpriseResourcePoolSettings2 passed - user i:0#.w|*****\sharepointfarmsvc (resuid=806f917d-85b6-e211-93ef-00155d0a5600)
  was licensed, LogLevelManager Warning-ulsID:0x001920C2 has no entities explicitly specified.    c4f9419c-7789-a0b9-3d4a-941ceb42b25f
  09/11/2013 10:31:49.19    w3wp.exe (0x3BE0)    0x0DDC    Project Server    Security    agwmc    Verbose    PWA:http://portal2013/PWA, ServiceApp:Project
  Server Service Application, User:i:0#.w|*****\sharepointfarmsvc, PSI: Access Granted for user i:0#.w|*****\sharepointfarmsvc on BusinessObject method Admin.GetActiveDirectorySyncEnterpriseResourcePoolSettings2.  CheckFarmAdmin=False, CheckGlobalPerms=True,
  LogLevelManager Warning-ulsID:0x00196302 has no entities explicitly specified.    c4f9419c-7789-a0b9-3d4a-941ceb42b25f
  09/11/2013 10:31:49.19    w3wp.exe (0x3BE0)    0x0DDC    Project Server    General    ad2n8    Verbose    PWA:http://portal2013/PWA, ServiceApp:Project
  Server Service Application, User:i:0#.w|*****\sharepointfarmsvc, PSI: Running command using non-transactioned Sql session., LogLevelManager Warning-ulsID:0x000DC362 has no entities explicitly specified.    c4f9419c-7789-a0b9-3d4a-941ceb42b25f
  09/11/2013 10:31:49.19    w3wp.exe (0x3BE0)    0x0DDC    Project Server    Administration    agmy5    Verbose    PWA:http://portal2013/PWA, ServiceApp:Project
  Server Service Application, User:i:0#.w|*****\sharepointfarmsvc, PSI: GetActiveDirectorySyncEnterpriseResourcePoolSettings2: Settings retrieved, Status=NeverRun, LastUpdateTime=01/01/0001 00:00:00, ScheduledUpdates=False, ADGroupGuidCount=0, LogLevelManager
  Warning-ulsID:0x0018C61F has no entities explicitly specified.    c4f9419c-7789-a0b9-3d4a-941ceb42b25f
  09/11/2013 10:31:49.19    w3wp.exe (0x3BE0)    0x0DDC    Project Server    Security    agsdb    Verbose    PWA:http://portal2013/PWA, ServiceApp:Project
  Server Service Application, User:i:0#.w|*****\sharepointfarmsvc, PSI: Calling license check now; Thread.CurrentPrincipal.Identity.Name = 0#.w|*****\sharepointfarmsvc, Context.Username = i:0#.w|*****\sharepointfarmsvc, LogLevelManager Warning-ulsID:0x001920C1
  has no entities explicitly specified.    c4f9419c-7789-a0b9-3d4a-941ceb42b25f
  09/11/2013 10:31:49.19    w3wp.exe (0x3BE0)    0x0DDC    Project Server    Security    agsdc    Verbose    PWA:http://portal2013/PWA, ServiceApp:Project
  Server Service Application, User:i:0#.w|*****\sharepointfarmsvc, PSI: License check for BusinessObject method Admin.ResolveActiveDirectoryGroups passed - user i:0#.w|*****\sharepointfarmsvc (resuid=806f917d-85b6-e211-93ef-00155d0a5600) was licensed, LogLevelManager
  Warning-ulsID:0x001920C2 has no entities explicitly specified.    c4f9419c-7789-a0b9-3d4a-941ceb42b25f
  09/11/2013 10:31:49.19    w3wp.exe (0x3BE0)    0x0DDC    Project Server    Security    agwmc    Verbose    PWA:http://portal2013/PWA, ServiceApp:Project
  Server Service Application, User:i:0#.w|*****\sharepointfarmsvc, PSI: Access Granted for user i:0#.w|*****\sharepointfarmsvc on BusinessObject method Admin.ResolveActiveDirectoryGroups.  CheckFarmAdmin=False, CheckGlobalPerms=True, LogLevelManager Warning-ulsID:0x00196302
  has no entities explicitly specified.    c4f9419c-7789-a0b9-3d4a-941ceb42b25f
  09/11/2013 10:31:49.19    w3wp.exe (0x3BE0)    0x0DDC    Project Server    Active Directory Sync    af8v6    Verbose    PWA:http://portal2013/PWA, ServiceApp:Project
  Server Service Application, User:i:0#.w|*****\sharepointfarmsvc, PSI: ResolveActiveDirectoryGroups; resolving encodedClaims=c:0+.w|s-1-5-21-2100168755-2748282862-3037512304-1280, LogLevelManager Warning-ulsID:0x00162560 has no entities explicitly specified.  
   c4f9419c-7789-a0b9-3d4a-941ceb42b25f
  09/11/2013 10:31:49.19    w3wp.exe (0x3BE0)    0x0DDC    Project Server    General    ad2n8    Verbose    PWA:http://portal2013/PWA, ServiceApp:Project
  Server Service Application, User:i:0#.w|*****\sharepointfarmsvc, PSI: Running command using non-transactioned Sql session., LogLevelManager Warning-ulsID:0x000DC362 has no entities explicitly specified.    c4f9419c-7789-a0b9-3d4a-941ceb42b25f
  09/11/2013 10:31:49.19    w3wp.exe (0x3BE0)    0x0DDC    Project Server    Administration    agmy5    Verbose    PWA:http://portal2013/PWA, ServiceApp:Project
  Server Service Application, User:i:0#.w|*****\sharepointfarmsvc, PSI: GetActiveDirectorySyncEnterpriseResourcePoolSettings2: Settings retrieved, Status=NeverRun, LastUpdateTime=01/01/0001 00:00:00, ScheduledUpdates=False, ADGroupGuidCount=0, LogLevelManager
  Warning-ulsID:0x0018C61F has no entities explicitly specified.    c4f9419c-7789-a0b9-3d4a-941ceb42b25f
  09/11/2013 10:31:49.19    w3wp.exe (0x3BE0)    0x0DDC    Project Server    Active Directory Sync    af8vj    Verbose    PWA:http://portal2013/PWA, ServiceApp:Project
  Server Service Application, User:i:0#.w|*****\sharepointfarmsvc, PSI: Entered ActiveDirectoryUtility::TryGetGroupInfoByClaim, LogLevelManager Warning-ulsID:0x00162549 has no entities explicitly specified.    c4f9419c-7789-a0b9-3d4a-941ceb42b25f
  09/11/2013 10:31:49.19    w3wp.exe (0x3BE0)    0x0DDC    Project Server    Active Directory Sync    alv2g    Verbose    PWA:http://portal2013/PWA, ServiceApp:Project
  Server Service Application, User:i:0#.w|*****\sharepointfarmsvc, PSI: Querying for fqdn/netbios mapping of server *****, LogLevelManager Warning-ulsID:0x002D5706 has no entities explicitly specified.    c4f9419c-7789-a0b9-3d4a-941ceb42b25f
  09/11/2013 10:31:49.20    w3wp.exe (0x3BE0)    0x0DDC    Project Server    Active Directory Sync    af8vl    Verbose    PWA:http://portal2013/PWA, ServiceApp:Project
  Server Service Application, User:i:0#.w|*****\sharepointfarmsvc, PSI: Entered ActiveDirectoryUtility::TryGetGroupInfo, LogLevelManager Warning-ulsID:0x0016254B has no entities explicitly specified.    c4f9419c-7789-a0b9-3d4a-941ceb42b25f
  09/11/2013 10:31:49.20    w3wp.exe (0x3BE0)    0x0DDC    Project Server    General    aeby8    Medium    Error is: GeneralUnhandledException. Details: General
  Unhandled Exception in _Admin.ResolveActiveDirectoryGroups_ Attributes:  System.Collections.Generic.KeyNotFoundException: The given key was not present in the dictionary.     at Microsoft.Office.Project.Server.ClaimsHelper.GetFormsAuthenticationProviderName(Uri
  context, SPUrlZone zone)     at Microsoft.Office.Project.Server.BusinessLayer.ActiveDirectoryUtility.TryGetGroupInfo(String domain, String searchPath, String searchFilter)     at Microsoft.Office.Project.Server.BusinessLayer.ActiveDirectoryUtility.TryGetGroupInfoByClaim(String
  encodedClaim)     at System.Linq.Enumerable.WhereSelectArrayIterator`2.MoveNext()     at System.Linq.Buffer`1..ctor(IEnumerable`1 source)     at System.Linq.Enumerable.ToArray[TSource](IEnumerable`1
  source)     at Microsoft.Office.Project.Server.Wcf.Implementation.PWAImpl.<>c__DisplayClass10a.<AdminResolveActiveDirectoryGroups>b__109()     at Microsoft.Office.Project.Server.Wcf.Implementation.WcfMethodInvocation.InvokeBusinessObjectMethod(String
  businessObjectName, String methodName, IEnumerable`1 actions)  . Standard Information: PSI Entry Point:  Project User: i:0#.w|*****\sharepointfarmsvc Correlation Id: da702be3-ee1a-e311-93f8-00155d0a5600 PWA Site URL: http://portal2013/PWA SA Name:
  Project Server Service Application PSError: GeneralUnhandledException (42), LogLevelManager Warning-ulsID:0x00101622 has no entities explicitly specified.    c4f9419c-7789-a0b9-3d4a-941ceb42b25f

• Active Directory Not Syncing Correctly in ES2

  Hello,
  We had our Active Directory 2003 synced up using Adobe Livecycle ES.  There would be around 30,000 users that would be synced and this would take around 3 - 4 1/2 minutes to run.  This worked perfectly for us for the past half of a year or so.
  Last week we upgraded to ES2 and moved all of our processes over.  We removed ES and did a fresh install of ES2.  Everything seems to be working fine now except the Active Directory isn't syncing properly.  When we run the sync, different numbers of users will be fetched.  Sometimes it's around three thousand, sometimes seven thousand, sometimes ten thousand, but it never seems to get through them all.  In the server log it does say that the directory synchronization completed successfully though even though the number fetched is changing.  We made sure the settings are exactly the same as they were before, and we even tried a few different settings, but it still doesn't get all the users.  For testing purposes, we tried changing the search filter to pick specific people that aren't showing up during the normal sync and it will show up fine, so I'm wondering if there is something stopping it from going all the way through?
  We also have another enterprise domain connected which has around 2,000 users on it and have not had this problem with it.
  Here are some of the sync statistics from the past few syncs: (The active directory name has been stripped for security purposes).  If you need any more information please feel free to ask.  We would like to have this resolved as soon as possible.
  2010-05-30 21:02:51,366 INFO  [com.adobe.idp.um.businesslogic.synch.DomainSynchronizer]
  ========== Synch Statistics for ============
  Total User Fetched - 5633
  Total Group Fetched - 0
  Total Members Fetched - 0
  Total time taken is 110 sec
  [100.00%] [100.00%]Domain Synchronizer(2 runs) : Total 110,375 ms, Max 110359 ms, Min 16 ms, Avg 55187 ms
  --[99.99%] [99.99%]User and group phase(1 runs) : Total 110,359 ms, Max 110359 ms, Min 110359 ms, Avg 110359 ms
  ----[95.78%] [95.80%]Users synch from (6 runs) : Total 105,719 ms, Max 19141 ms, Min 14281 ms, Avg 17619 ms
  ------[1.18%] [1.23%]Provider (31 runs) : Total 1,298 ms, Max 109 ms, Min 31 ms, Avg 41 ms
  --[0.01%] [0.01%]Memberhsip phase(1 runs) : Total 16 ms, Max 16 ms, Min 16 ms, Avg 16 ms
  -------Persistence Statistics-------
  Users ->
  added = 8
  removed = 2568
  updated = 5625
  unchanged = 0
  renamed = 0
  failed = 0
  UniqueId changed = 0
  Groups ->
  added = 0
  removed = 0
  updated = 0
  unchanged = 0
  failed = 0
  UniqueId changed = 0
  Emails ->
  added = 8515
  removed = 106
  unchanged (In changed Principals) = 16784
  Group Members ->
  added = 0
  removed = 0
  unchanged = 0
  unknown = 0
  failed = 0
  -------Batch Statistics-------
  Successful User Batches = 113
  Failed User Batches = 0
  Successful Group Batches = 0
  Failed Group Batches = 0
  Successful Member Batches = 0
  Failed Member Batches = 0
  ======================================
  2010-06-02 21:03:43,692 INFO  [com.adobe.idp.um.businesslogic.synch.DomainSynchronizer]
  ========== Synch Statistics for ============
  Total User Fetched - 7140
  Total Group Fetched - 0
  Total Members Fetched - 0
  Total time taken is 165 sec
  [100.00%] [100.00%]Domain Synchronizer(2 runs) : Total 164,781 ms, Max 164750 ms, Min 31 ms, Avg 82390 ms
  --[99.98%] [99.98%]User and group phase(1 runs) : Total 164,750 ms, Max 164750 ms, Min 164750 ms, Avg 164750 ms
  ----[96.78%] [96.79%]Users synch from (8 runs) : Total 159,469 ms, Max 26719 ms, Min 3500 ms, Avg 19933 ms
  ------[1.01%] [1.05%]Provider (42 runs) : Total 1,667 ms, Max 109 ms, Min 15 ms, Avg 39 ms
  --[0.02%] [0.02%]Memberhsip phase(1 runs) : Total 31 ms, Max 31 ms, Min 31 ms, Avg 31 ms
  -------Persistence Statistics-------
  Users ->
  added = 8
  removed = 5
  updated = 7132
  unchanged = 0
  renamed = 1
  failed = 0
  UniqueId changed = 0
  Groups ->
  added = 0
  removed = 0
  updated = 0
  unchanged = 0
  failed = 0
  UniqueId changed = 0
  Emails ->
  added = 3340
  removed = 105
  unchanged (In changed Principals) = 33761
  Group Members ->
  added = 0
  removed = 0
  unchanged = 0
  unknown = 0
  failed = 0
  -------Batch Statistics-------
  Successful User Batches = 142
  Failed User Batches = 1
  Successful Group Batches = 0
  Failed Group Batches = 0
  Successful Member Batches = 0
  Failed Member Batches = 0
  ======================================
  2010-06-03 08:56:43,286 INFO  [com.adobe.idp.um.businesslogic.synch.DomainSynchronizer]
  ========== Synch Statistics for ============
  Total User Fetched - 2960
  Total Group Fetched - 0
  Total Members Fetched - 0
  Total time taken is 68 sec
  [100.00%] [100.00%]Domain Synchronizer(2 runs) : Total 67,984 ms, Max 67921 ms, Min 63 ms, Avg 33992 ms
  --[99.91%] [99.91%]User and group phase(1 runs) : Total 67,921 ms, Max 67921 ms, Min 67921 ms, Avg 67921 ms
  ----[96.37%] [96.46%]Users synch from (3 runs) : Total 65,516 ms, Max 23016 ms, Min 19766 ms, Avg 21838 ms
  ------[4.00%] [4.15%]Provider (17 runs) : Total 2,719 ms, Max 844 ms, Min 31 ms, Avg 159 ms
  --[0.09%] [0.09%]Memberhsip phase(1 runs) : Total 63 ms, Max 63 ms, Min 63 ms, Avg 63 ms
  -------Persistence Statistics-------
  Users ->
  added = 2
  removed = 6632
  updated = 2958
  unchanged = 0
  renamed = 0
  failed = 0
  UniqueId changed = 0
  Groups ->
  added = 0
  removed = 0
  updated = 0
  unchanged = 0
  failed = 0
  UniqueId changed = 0
  Emails ->
  added = 3
  removed = 1
  unchanged (In changed Principals) = 10035
  Group Members ->
  added = 0
  removed = 0
  unchanged = 0
  unknown = 0
  failed = 0
  -------Batch Statistics-------
  Successful User Batches = 60
  Failed User Batches = 0
  Successful Group Batches = 0
  Failed Group Batches = 0
  Successful Member Batches = 0
  Failed Member Batches = 0
  ======================================

  We do have quite a few that are missing an attribute, specifically:
  2010-06-06 21:05:47,579 WARN  [com.adobe.idp.um.businesslogic.synch.LdapHelper] Record [xxxx] is missing required attribute [objectSID] for canonicalName i.e uniqueIdentifier field
  This is something that was on our old system as well:
  2010-05-25 03:02:35,559 INFO  [com.adobe.idp.um.provider.directoryservices.LDAPDirectoryPrincipalProviderImpl] UserM:: [Thread Hashcode: 3010887] This record is missing a required attribute and cannot be used. Specifically CanonicalName is null. Common Name: xxxx
  We have many users in our active directory with just email accounts so that users are able to search for a name and find the email address in outlook.  I have checked through these and they look fine (though there are fewer entries in ES2 since there are fewer users being fetched).
  As for the locked users, here is what we received:
  2010-06-06 21:05:47,579 INFO  [com.adobe.idp.um.businesslogic.synch.LdapPrincipalProvider] Found [1257] locked users while synching. These users were ignored
  This sounds about right for the amount of users that were fetched. 
  If you have any more questions or ideas, please let us know.  We would like to have this resolved as soon as possible.  Thanks.