Sync safeguards threshold limits can be configured in the directory to help prevent unintended configuration changes to the users and groups that sync to the directory from Active Directory.

The sync safeguard thresholds that are set limit the number of changes that can be made to the users and groups when the directory syncs. If any directory safeguard threshold is met, the directory synchronization stops and a message is displayed on the directory's Sync Log page. When SMTP is configured in the VMware Identity Manager console, you receive an email message when synchronization fails because of a safeguard violation.

When synchronization fails, you can go to the directory's Sync Settings > Sync Log page to see a description of the type of safeguard violation.

To successfully complete the synchronization, you can either increase the percentage threshold of the safeguard on the Sync Safeguard settings page, or you can schedule a dry run of the sync and check Ignore Safeguards. When you select to ignore the safeguard threshold value, the safeguard values are not enforced for this sync session only.

When directory sync is run the first time, the sync safeguard values are not enforced.

Note: If you do not want to use the sync safeguards feature, delete the values from the drop-down menu. When the sync safeguard threshold text boxes are empty, sync safeguards are not enabled.