Active Directory operations do not detect changes correctly

Beau Harrison (Senior Product Software Engineer) 7 years ago updated by anonymous 7 years ago 1


The Active Directory operations do not retrieve changes from the target instances correctly.

Affected Software

  • FIM Event Broker
  • Active Directory
  • Active Directory Domain Services
  • ADAM and ADLDS


Following changes to the Active Directory instance or target organizational unit, the operation fails to detect a change.


There are a number of reasons that Active Directory operations may not detect changes correctly:

  • The specified account does not have complete permissions to retrieve changes, and the Active Directory query returns no objects rather than an error message in some cases. Refer to Active Directory Changes and Active Directory Sync Changes for information on specific account requirements for each operation.
  • The target organizational unit or LDAP filter is incorrect, or does not contain the expected change. Ensure that the operation is configured correctly. Note that the AD Sync Changes operation cannot target a specific organizational unit.
  • Changes have not yet been replicated across domain controllers.
CHECK: Outcomes of queries may be determined by using a tool such as ADSI Edit or LDP.exe.
WARNING: Changes should always be detected by the first check of a new Active Directory operation.

Refer to an Active Directory expert or the Microsoft documentation for more information on specific configurations and instances.