Over the last couple of weeks troubleshooting a separate issue, the customer has been reporting that some users hadn't been assigned licenses. In some cases this was due to accounts in error, but in others it has turned out to be that the delta imports from the corresponding IdentityBroker adapter (run on change detection by Event Broker) have not included changes that they should have. Such changes are only surfaced to MIM after a MIM MA full import (delta sync) is subsequently run.
To mitigate this problem, a twice-daily full import/delta sync operation across both IdB adapters is being performed. Over the last 4 days since this has been in place, a number of changes continue to be surfaced in the full import some 10 minutes after the last delta import. The latest of these FI runs which returned 5 changes was run at 7:07 am on Saturday 3rd December - at a time when there should be no business activity happening in any geographic region for QBE.
Investigations into SQL queries such as the following identified identities where a MODIFY change entry was present without a corresponding INSERT:
SELECT * FROM [Unify.IdentityBroker50].[dbo].[ChangeLog] WHERE TargetDistinguishedName = 'CN=bob,OU=container,DC=IdentityBroker'
Filing this against the O365 connector because it happened to be for the related adapter - but it is likely this is a generic problem unrelated to a specific connector (i.e. am seeing FI steps return records consistently for both AD and AAD-based adapters)
Re-opened issue QBE-51 previously raised for this issue.
Customer support service by UserEcho