Microsoft KB Archive/319977

= Deleting Provisioned Object Deletes Source Object =

Article ID: 319977

Article Last Modified on 5/28/2003

-

APPLIES TO


 * Microsoft Metadirectory Services 2.2 Service Pack 1
 * Microsoft Metadirectory Services 2.2 Service Pack 1

-



This article was previously published under Q319977



SYMPTOMS
When you delete a provisioned object from the connector space of a target management agent (MA), the object is also deleted from the source MA connector space and in the connected Active Directory.



STATUS
Microsoft has confirmed that this is a problem in the Microsoft products that are listed at the beginning of this article.



MORE INFORMATION
This behavior was observed at a site where two forests were synchronizing users as contacts for use by Microsoft Exchange 2000.

Example Scenario
Active Directory reflects an object into the metaverse, and this object is then provisioned into the connector space of another reflector MA. If the administrator deletes the downstream connector space object, the following items are also deleted:
 * The metaverse object.
 * The Active Directory connector space object.
 * The Active Directory connector space object.
 * The source object from the Active Directory connected directory.

When an object is provisioned by TAMA, it is marked with the msMMS-ManagedByProfile attribute set to TRUE. This makes it possible for the metaverse to maintain control of the object's creation and deletion. This means that the metaverse becomes the authoritative source, and it &quot;owns&quot; the object.

If TAMA has been mistakenly run against the source MA and has created objects for the target MA, both connector space objects are marked with the msMMS-ManagedByProfile attribute. If an object is deleted from the connector spaces or the metaverse, the associated connected directory objects are also deleted although the intent may have been to only remove a provisioned entry.

If you see this behavior the msMMS-ManagedByProfile attribute must be nulled out for the source MA. You can do so by either reloading all of the source objects into Microsoft Metadirectory Services (MMS), or by setting the attribute to NULL in the Advanced Attribute Flow rules. For example:

$msMMS-ManagedByProfile=$NULL

Keywords: kbprb KB319977

-

[mailto:TECHNET@MICROSOFT.COM Send feedback to Microsoft]

© Microsoft Corporation. All rights reserved.