Forum Discussion
Solved
Adsync Export errors
I have around 100 Export error, stating "cd-missing-object", when i tried to determined that those object are Groups created in on-prem AD and does not have any members, is it safe to remove those Groups to avoid export error?
Hi RabbaniSYed,
cd-missing-object means that AAD Connect is trying to push updates out to a connected object during an export cycle, but the target object no longer exists.
If the errors are on your on-premise Active Directory connector, then the groups should be missing from on-premise Active Directory (or perhaps they're out of scope - I can't remember if that can still produce a cd-missing-object). But I'm guessing this isn't the case.
Similarly, if the errors are on your Azure AD connector, then the groups no longer exist in Azure AD. This is the more likely scenario.
However, the fact that the groups are empty has nothing to do with this error.
If the errors are on the Azure AD connector, there is no reason to delete the source groups from on-premise Active Directory. A safer approach would be to de-scope them (from within AAD Connect) rather than delete them so that AAD Connect no longer tries to export them to Azure AD. That will get rid of the cd-missing-object errors for this scenario.
Ultimately, it's your choice.
If the errors are on the on-premise Active Directory connector then this might be a leftover of the group writeback feature, which is a bit more complicated since there's two versions, one of which (v2) has been discontinued. But I'm not expecting this is the case so I'll stop here.
Cheers,
Lain
Hi RabbaniSYed,
cd-missing-object means that AAD Connect is trying to push updates out to a connected object during an export cycle, but the target object no longer exists.
If the errors are on your on-premise Active Directory connector, then the groups should be missing from on-premise Active Directory (or perhaps they're out of scope - I can't remember if that can still produce a cd-missing-object). But I'm guessing this isn't the case.
Similarly, if the errors are on your Azure AD connector, then the groups no longer exist in Azure AD. This is the more likely scenario.
However, the fact that the groups are empty has nothing to do with this error.
If the errors are on the Azure AD connector, there is no reason to delete the source groups from on-premise Active Directory. A safer approach would be to de-scope them (from within AAD Connect) rather than delete them so that AAD Connect no longer tries to export them to Azure AD. That will get rid of the cd-missing-object errors for this scenario.
Ultimately, it's your choice.
If the errors are on the on-premise Active Directory connector then this might be a leftover of the group writeback feature, which is a bit more complicated since there's two versions, one of which (v2) has been discontinued. But I'm not expecting this is the case so I'll stop here.
Cheers,
Lain
Yeah, That a great idea to de-scope 👍
Please consider this as well:
- Verify Group Usage: Ensure that these groups are not being used for any specific purpose, such as permissions or policies, even if they currently have no members.
- Backup: Before deleting any groups, it's a good practice to back up your Active Directory. This way, you can restore the groups if needed.
- Test Environment: If possible, test the removal of these groups in a non-production environment to ensure that it resolves the export errors without causing any unintended consequences.
