Question
What user statuses are ignored during the polmerge (Merge ManageSoft Policy, Reconcile ManageSoft directory tables with AD) process e.g. Disabled users etc?
Answer
Polmerge will ignore users with any of the following bits set on userAccountControl
0x2 is UF_ACCOUNTDISABLE
0x100 is UF_TEMP_DUPLICATE_ACCOUNT
0x800 is UF_INTERDOMAIN_TRUST_ACCOUNT
0x2000 is UF_SERVER_TRUST_ACCOUNT
If you get a verbose polmerge log by running with the -V5 option you should see messages like Skipping user XXX, userAccountControl 0xXXXXXXXX
You can use the ldifde utility to dump the users in AD to compare their userAccountControl flags. Eg via a command like ldifde -r "(objectClass=user)" -f result.log
Comments