Dear Francesco, I set FULL_RECONCILIATION pull mode, Matching rule: LINK, Unmatching rule: PROVISION and I checked Allow create, Allow update, Allow delete, Sync status.
This is a sample of active directory logs shows my service-account removed a member: --------------------------------------------------------------------------------------------------- MSWinEventLog 1 Security 183680475 Sat Jun 09 16:30:14 2018 A member was removed from a security-enabled global group. Subject: Security ID: S-1-5-21-1480964169-1710879411-3095655000-64665 Account Name: svc-24319 Account Domain: INTERNALDOMAIN Logon ID: 0x3eae1e4fb Member: Security ID: S-1-5-21-1480964169-1710879411-3095655000-36774 Account Name: CN=Elaheh Panahi,OU=Tehran,OU=Non-Staff,OU=Users,OU=Accounts,DC=internaldomain,DC=ir Group: Security ID: S-1-5-21-1480964169-1710879411-3095655000-22376 Group Name: fld-IS-L Group Domain: INTERNALDOMAIN Additional Information: Privileges: - 183680474", --------------------------------------------------------------------------------------------------- As you see the member removed at 16:30 but my pull task started at 14:21 and finished at 16:15 . I checked the user 'Propagation tasks' menu . there was an UPDATE operation at 16:30! I have not changed the user and I have not create any push task.. Screenshot of pull tasks and propagation tasks have been attached. Did i do anything wrong? On Mon, Jun 11, 2018 at 10:44 AM, Francesco Chicchiriccò < [email protected]> wrote: > On 10/06/2018 14:26, alireza ranjbaran wrote: > >> Hi, >> We have run a pull task on AD, it has removed some members of groups from >> active directory. >> We need to rollback and it requires membership remove logs. >> >> Who can I find membership propagation logs? >> > Hi, > if you are *pulling* from AD, it means that you are either using the > SEARCH or SYNC capability [1] (depending on the configured pull mode [2]) > on the related connector: this means that you are only reading from AD, and > such operation could not perform any modification on AD. > Is there any detail about your configuration that you forgot to mention > above? > > Regards. > > [1] https://syncope.apache.org/docs/reference-guide.html#connect > or-instance-details > [2] https://syncope.apache.org/docs/reference-guide.html#pull-mode > > -- > Francesco Chicchiriccò > > Tirasa - Open Source Excellence > http://www.tirasa.net/ > > Member at The Apache Software Foundation > Syncope, Cocoon, Olingo, CXF, OpenJPA, PonyMail > http://home.apache.org/~ilgrosso/ > > -- *Best Regards,* *Alireza Ranjbaran* *ITS Security Operations Engineer at **MTN Irancell*
