AD Import does not clear information removed from Active Directory
Last Updated October 20, 2016
We're getting the userAccountControl information on a computer object out of Active Directory (AD). We created a new dataclass and it has been working, but there is one problem. We have a schedule that runs an update every .5 hours and runs a full every day. Neither one will remove old objects.
We entered this into the column mappings for a 'Computers' AD Import rule. If we look at the table ("Inv_ActiveDirectoryDetails") we still see resources as having data in this table. We truncate Inv_ActiveDirectoryDetails, then run a full, and we get the correct count. We need to know why this is not clearing when we do an import of AD objects; why is it not clearing out the old data no longer present in AD?
'Full' and 'Update' AD Import rules do not remove items that are no longer within the Active Directory (AD) structure being queried. The import has no way to know which machines were brought in through an earlier AD Import and are no longer there. It updates everything that is still in AD, and because the removed objects are not returned by the query, their existing data remains the same. Nothing checks that every object that was once brought in is still present, so the 'Full' and 'Update' rules do not remove items that are no longer in Active Directory.
The current workaround is to create a job that truncates the Inventory table in question before the 'Full' update rule is run (in this situation it runs daily at 2:10 AM). The 'Full' rule will then bring in only the currently active (in this instance) objects that we need.
The other option is to enable the Active Directory Import Synchronization schedule; please see HOWTO9154 for more information. This can be found in the Console under Actions > Discover > Import Active Directory.