Hi all! I have a 12.6.5 environment from a previous partner implementation (and with a lot of undocumented configurations...). This version is going to be upgraded to 14.1 in the following days, but it is still on 12.6.5.
We have found a strange scenario with the AD connector. At this time the connector is only used to propagate passwords, enable disabled users and unlock locked ones. It performs a full explore/correlation every night.
It was reported to me that some accounts that were suspended on AD (through ADUC) were re-enabled by IdM (searching the logs, eta-trans shows a resync event with eTSuspended=0 within about 30 seconds of the time the AD log says that, from the IdM IP, the user was re-enabled by the user configured in the connector).
I reviewed the reverse sync policies, but I have no Reverse Sync Modified Account Policies (as this happened to existing users).
Could there be another place where some policy is reverting changes on AD if they are made on the target system instead of the user console, after correlating users?