Q202672: What user statuses are ignored during a polmerge?

Question

What user statuses are ignored during the polmerge (Merge ManageSoft Policy, Reconcile ManageSoft directory tables with AD) process e.g. Disabled users etc?

 

Answer

Polmerge will ignore users with any of the following bits set on userAccountControl
0x2 is UF_ACCOUNTDISABLE
0x100 is UF_TEMP_DUPLICATE_ACCOUNT
0x800 is UF_INTERDOMAIN_TRUST_ACCOUNT
0x2000 is UF_SERVER_TRUST_ACCOUNT

 

If you get a verbose polmerge log by running with the -V5 option you should see messages like Skipping user XXX, userAccountControl 0xXXXXXXXX

 

You can use the ldifde utility to dump the users in AD to compare their userAccountControl flags. Eg via a command like ldifde -r "(objectClass=user)" -f result.log

Comments

Powered by Zendesk