I see in DS that it is unable to synchronize any longer, there is an information window which show s the last synchronization time (attempt) and the status as fail. I can not find any more information.
On the server hosting LFDS, there should be additional information in the Event Viewer logs.
No luck finding anything in the logs, there is just an operational log in there.
That log is where I've found sync errors
If I can add a gripe to this thread, when a user is removed from AD, it seems that DS keeps trying to sync that user anyway. The license does go inactive, fortunately. The sych throws an error, but there is no information in the error about which user caused it. You do get a GUID, but that's not exactly intuitive.
Ah yes - My VAR MCCi has an open ticket with Laserfiche about this. I have 124 'zombie' users in LFDS with no license that have been removed from AD. So when LFDS synchronizes AD every hour, I get 124 errors in the event log.
That's interesting.
We have a lot of users so there's a fair amount of people coming and going and I've never seen any errors that were caused by users being deleted from AD.
What settings do you have enabled for AD Synchronization?
With the following settings, our disabled users first just lose their licenses but remain in the list, then after a certain amount of time they get disabled in LFDS, then they get deleted when AD clears the account tombstone.
When we made the change it didn't appear to be retroactive, so we still had to go back and clear out the previously deleted accounts, but we never had an errors, and once we changed the settings it maintained itself.
I have my LFDS set to not wait for AD to clear out tombstones now. Originally it was set the same as yours but with synch every 1 hours.
Here is the non-specific error I get once for each account without a license:
Which version of LFDS are you running? We ran into a few issues when we tried to update to 10.4 so we're still on 10.3
We're on 10.4.2.10
Okay, so it may be a 10.4 issue.
Hi Chad,
Can you try initiating a sync manually and see if the sync still fails? If so, check the Laserfiche>Directory Service>Server>Operational trace log for errors once you see the "Synchronization failed" message in the LFDS UI.
Hi Chase
The sync is no longer failing, they eventually found it was because they had renamed a group in active directory. The group was one of the groups listed in the sync rules and somehow renaming it in AD, cause the entire sync to fail.
I did look in that Operational log though in real-time while reproducing a sync failure and could not find any messages.