An Active Directory (AD) Sync Changes operation queries the target Active Directory instance and determines whether any previously undetected changes have been made, using the Directory Synchronization Cookie method (see here for more information). A change token is assigned to its encapsulating operation list if a change has occurred for a specified filter since the last detected change.
This operation will check for changes across the whole Active Directory instance, including tombstones (deleted objects). It requires that the account being used has Replicating Directory Changes permission.
The Active Directory Sync Changes operation will always return changes on its first run. If this is not the case, it may mean that the account does not have sufficient access to the instance, or that the LDAP filter specified is not correct. Active Directory tools such as ADSI Edit and LDP.exe may prove useful in checking these credentials are correct and that expected changes will be successfully retrieved with the security settings specified.
The AD Sync Changes operation requires an operational target Active Directory instance to check for changes against. This target Active Directory server needs to be configured with a set of access privileges which will facilitate the connection details specified by the selected AD Agent.
The AD Sync Changes operation will only allow its encompassing operation list to begin execution if changes are detected in the target Active Directory instance.
In addition to the common configuration settings shared by all Changes Operations, the Active Directory Sync Changes operation requires the following by way of configuration:
|Filter||LDAP filter to apply to search results.|
|Domain||The target domain to check for changes, eg.
Customer support service by UserEcho