10.12 Moving the Driver to a Different Domain Controller

You can configure the driver to synchronize against a different domain controller by changing the driver Authentication Context parameter. When you restart the driver, the state information that the driver uses to track changes in Active Directory is invalid, and Active Directory might replay a large number of old events to bring the state back to the current time.

You can avoid this replay by removing the driver state information while updating the Authentication Context:

  1. Stop the driver.

  2. Delete the Dirxml-DriverStorage attribute on the Driver object in the Identity Vault.

  3. Update the Authentication Context parameter.

  4. Start the driver.

    This causes a resynchronization of associated objects in the Identity Vault.

  5. Re-migrate to find unassociated objects in Active Directory.