CA Service Management

  • 1.  LDAP Sync Service Accounts

    Posted Apr 04, 2017 10:02 AM

    I am trying to determine why some service accounts are syncing via LDAP and others are not. We need an existing AD account to sync with Service Desk to allow for Web Service access. When I go to the account there are no visible differences between it and those that are syncing. I have tried to manually sync the account after creating it and the Merge with LDAP produces no results. Is there something with the schema that I am missing and can't see by looking in AD that would affect this? I looked in the mods file and environmental files and have not identified any potential causes. I have also confirmed that it is in the User group like all other accounts and service accounts. I thought maybe because something mandatory was missing, but the other accounts are missing e-mail parameters and other identifying information and still syncing.



  • 2.  Re: LDAP Sync Service Accounts

    Posted Apr 04, 2017 10:18 AM

    Hi Jessie,

    Most likely there is a difference in the hierarchy somewhere, such as the OU or something which is not being included in your search base, thus it doesn't see that account in AD. Compare the location in AD of both accounts and then check your search base and base DN to see if it's looking at the right level that would include that user which you are trying to sync.

    Hope this helps,

    Thanks,

    Jon I.



  • 3.  Re: LDAP Sync Service Accounts

    Broadcom Employee
    Posted Apr 04, 2017 02:38 PM

    Jessie, I think you would need to look at ldap.maj/ldap.mod, together with the output from pdm_ldap_test, to investigate why those are not synced, that is, why there is a mismatch between the SDM contact repository and the AD accounts.

    ldap.maj/ldap.mod gives you the mapping and pdm_ldap_test gives you the AD structure of the account, like

    DN: CN=aixmail,CN=Users,DC=kirklandsd,DC=ca,DC=com

    Hope this helps you start investigating. Thanks, _Chi



  • 4.  Re: LDAP Sync Service Accounts

    Broadcom Employee
    Posted Apr 06, 2017 04:03 AM

    Hi Jesse,

    You may run this command on AD:   dsquery user -name "Administrator"   This will give you the structure of the contact. Get the details of a working and a non-working contact, along with the output of pdm_ldap_test.

     

    ~Vinod.
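
The comparison suggested in reply 2 (is the account's DN actually underneath the configured search base?) can be done mechanically once you have the DNs from pdm_ldap_test or dsquery. The following is an added example, not part of any post in the thread and not CA/Broadcom code; the service-account DN, the search base and the function names are assumptions made for illustration.

```python
# Added example: DN values other than WORKING are constructed for illustration.

def split_dn(dn):
    """Split a DN into lower-cased (attribute, value) RDNs, leftmost first.
    Commas escaped with a backslash stay inside the value."""
    parts, buf, escaped = [], [], False
    for ch in dn:
        if escaped:
            buf.append(ch)
            escaped = False
        elif ch == "\\":
            buf.append(ch)
            escaped = True
        elif ch == ",":
            parts.append("".join(buf))
            buf = []
        else:
            buf.append(ch)
    parts.append("".join(buf))
    rdns = []
    for part in parts:
        attr, _, value = part.strip().partition("=")
        rdns.append((attr.strip().lower(), value.strip().lower()))
    return rdns

def in_scope(entry_dn, base_dn, scope="subtree"):
    """True if entry_dn would be reached by a search rooted at base_dn."""
    entry, base = split_dn(entry_dn), split_dn(base_dn)
    depth = len(entry) - len(base)
    if depth < 0 or entry[depth:] != base:
        return False          # entry lives in a different branch of the tree
    if scope == "base":
        return depth == 0
    if scope == "onelevel":
        return depth == 1
    return True               # subtree: any depth under the base

# DN shown in the thread as sample pdm_ldap_test output.
WORKING = "CN=aixmail,CN=Users,DC=kirklandsd,DC=ca,DC=com"
# Constructed: a service account kept in a separate OU (hypothetical location).
MISSING = "CN=svc_webservice,OU=Service Accounts,DC=kirklandsd,DC=ca,DC=com"
# Assumed search base; substitute the one from your own LDAP configuration.
SEARCH_BASE = "CN=Users,DC=kirklandsd,DC=ca,DC=com"

def check_accounts(dns, base_dn):
    """Map each DN to whether a subtree search from base_dn would include it."""
    return {dn: in_scope(dn, base_dn) for dn in dns}

if __name__ == "__main__":
    for dn, ok in check_accounts([WORKING, MISSING], SEARCH_BASE).items():
        print(("in scope    " if ok else "OUT OF SCOPE"), dn)
```

An account reported as out of scope sits in a branch the sync never searches, which matches the symptom of Merge with LDAP returning nothing for it.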