We see at times where an attribute is not synchronized to a downstream system.
The Identity attribute in ISC is updated on the aggregation, but the destination system such as a JDBC database isn’t updated. We have also seen this with Active Directory.
If we trigger an attribute synchronization on the Identity in ISC, we see the destination source updated. We are doing spot checks from several days prior to look for inconsistencies.
What is the best way to analyze and validate that all account attributes are updated with what ISC has on the Identity Attributes?
What are the best search results to find synchronization related errors?
We use this script to preview changes before enabling attribute sync, but it should be able to be used to also validate which attributes are not in sync with their identity attributes per source.
I skipped the second question you had regarding search, sorry about that.
You can search on this attribute in the UI for all attribute sync related events: attributes.interface:"attribute sync".
Adding onto this, you can search for al of the attribute syncs that failed in the past day: created:[now-1d TO now] AND attributes.interface:"attribute sync" AND status:"FAILED"
You can keep scoping this accordingly based off source or anything else that is required. The columns have some additional data, but not all of them are available, such as attributeName, previousValue, or attributeValue. If you are looking for this info, you can run this search through the /search API and get all of the fields that way.