Resolution
Can DMA be used to automatically synchronize accounts between the source and target domain?
fix
DMA is not designed for synchronization between two domains. DMA is able to update target account information if the changed source accounts are selected and remigrated with the option 'Replace and Update conflicting accounts' enabled in the 'Naming Conflicts' screen. However, there is a workaround available that may help you achieve a 'synchronized' environment. This workaround will only be effective if the group is managed strictly from the source domain.
- Set up a task by running a project with Delegation Mode set to ON.
- In the project, complete the steps necessary to perform a User or Group Migration.
- Turn Delegation Mode OFF.
- Run the task from the CLI at set intervals.
Please refer to NETIQKB4010 for detailed information on preparing a task to be run via the DMACLI.
Ensure that the option to 'Remove existing group members' is selected IF you want the target group to look EXACTLY like the source group. If this option is NOT used, members who have been added to the source will be added to the target, but members who have been removed from the source group will still exist in the target group. Please note that using this option will remove any users that have been added to the target group, regardless of whether or not they were migrated accounts.
note
Please contact Technical Support to create a `Support Request` for any issues you encounter that are not addressed by the User Guide, any Knowledge Base articles found on the website, or current Hotfixes available for download.