dirsync query shows changes to an AD object that doesn't appear to exist

by Justin Cervero   Last Updated May 16, 2019 01:00 AM

AdamSync is crashing periodically. In troubleshooting we found that it's throwing an exception when it encounters what it thinks is an empty DN. I replayed the query using the dirsync cookie stored in the ADLDS configuration. Dumping the returned values I find the following object:

CN=SCCM Site Server\0ADEL:0b9efaf1-24cc-46a1-92ff-f6aa74254d3e,CN=Deleted Objects,DC=appd,DC=appstate,DC=edu
description 
objectguid 0b9efaf1-24cc-46a1-92ff-f6aa74254d3e
instancetype 4
isrecycled TRUE

As far as we can tell, that object no longer exists. We can't find it using any of our tools: User & Computers, LDP, ADSI Edit, AD Admin Center, AD Explorer, PowerShell queries (all using the deleted/recycled filters, extensions, and flags). We have considered that it may have hit its tombstone and been processed by the garbage collector since the date specified in the dirsync query. If that's the case, would the attribute change record continue to be returned? Indefinitely? If it hasn't been processed by the garbage collector why can't we find it?

AdamSync crashing due to the value seems to be a secondary effect or a different problem altogether.



Related Questions


Updated February 23, 2017 16:00 PM

Updated December 02, 2016 08:00 AM

Updated February 17, 2017 16:00 PM

Updated March 08, 2017 17:00 PM