
AD Sync Profiles that have items to sync selected by OUs handle deleted or renamed OUs poorly.


Article ID: 173985


Products

Workflow Solution ServiceDesk

Issue/Introduction

AD Sync does not work: no users or groups are synced, even when there are new users to sync, and the logs contain the error message 'There is no such object on the server'. The Portal gives no indication that anything went wrong. When AD Sync Status is checked, it reports the sync as Completed with no users or groups synced.

 

Application Name : ProcessManager
Log Level :Error
Log Category :ADUtilities
Message : 
[Userman] There is no such object on the server.
System.DirectoryServices.DirectoryServicesCOMException (0x80072030): There is no such object on the server.
   at System.DirectoryServices.DirectoryEntry.Bind(Boolean throwIfFail)
   at System.DirectoryServices.DirectoryEntry.Bind()
   at System.DirectoryServices.DirectoryEntry.get_AdsObject()
   at System.DirectoryServices.DirectorySearcher.FindAll(Boolean findMoreThanOne)
   at System.DirectoryServices.DirectorySearcher.FindOne()
   at LogicBase.Ensemble.Userman.ServiceCore.ADUtilities.GetDirectorySearcherForServer(ActiveDirectoryServer server, String container, Boolean containerHasDnPath)
   at LogicBase.Ensemble.Userman.ServiceCore.ADUtilities.GetADMembersForOU(ActiveDirectoryServer server, String mainOrgUnit, String baseString, SearchScope searchScope)
   at LogicBase.Ensemble.Userman.ServiceCore.ADUtilities.SyncFromOrganizationalUnit(String baseString, ActiveDirectoryServer server)
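
Because the Portal reports the sync as Completed, the log entry above is the only signal of this failure. The following Python scan for it is an added example, not Symantec's code; it assumes the log is available as text in the layout shown above, and the function names and the second sample entry are constructed for illustration.

```python
import re

# Constructed sample: the page's error entry (stack shortened) plus a constructed Info entry.
SAMPLE_LOG = """\
Application Name : ProcessManager
Log Level :Error
Log Category :ADUtilities
Message :
[Userman] There is no such object on the server.
System.DirectoryServices.DirectoryServicesCOMException (0x80072030): There is no such object on the server.
   at LogicBase.Ensemble.Userman.ServiceCore.ADUtilities.SyncFromOrganizationalUnit(String baseString, ActiveDirectoryServer server)
Application Name : ProcessManager
Log Level :Info
Log Category :ADUtilities
Message : [Userman] Constructed informational entry.
"""

HEADER = re.compile(r"^(Application Name|Log Level|Log Category|Message)\s*:\s*(.*)$")
NO_SUCH_OBJECT = "(0x80072030)"  # HRESULT as printed in the page's log entry

def parse_entries(text):
    """Split log text into entries; a new one starts at 'Application Name'."""
    entries, current = [], None
    for line in text.splitlines():
        m = HEADER.match(line)
        if m and m.group(1) == "Application Name":
            current = {"body": []}
            entries.append(current)
        if current is None:
            continue  # text before the first entry header
        if m:
            current[m.group(1)] = m.group(2).strip()
        elif line.strip():
            current["body"].append(line.strip())  # message text and stack frames
    return entries

def find_stale_ou_failures(text):
    """Return Error entries where an OU-based sync hit 'no such object'."""
    hits = []
    for entry in parse_entries(text):
        body = "\n".join(entry["body"])
        if (entry.get("Log Level", "").lower() == "error"
                and entry.get("Log Category") == "ADUtilities"
                and NO_SUCH_OBJECT in body.lower() and "SyncFromOrganizationalUnit" in body):
            hits.append(entry)
    return hits

if __name__ == "__main__":
    print(len(find_stale_ou_failures(SAMPLE_LOG)), "stale-OU sync failure(s) found")
```

A non-empty result means at least one OU referenced by an AD Sync Profile could not be found, even though the sync status reads Completed.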

 

Cause

Product defect.

 

Resolution

This issue has been reported to Symantec Engineering and is being investigated.

Excluding the invalid OU on the appropriate AD Sync Profile wizard page is not possible. You can open the wizard and make sure only the relevant OUs are checked, but Workflow retains the invalid OU in the database.

There are currently two ways to resolve the issue:
- Edit the OU string in the database directly. This is not recommended unless you are very comfortable with SQL.
- Change the AD Sync Profile from Organization Units to something else, save it, then edit it again and re-select the required OUs.
The downside of the second option is that all required OUs need to be re-selected. If your environment has many OUs and a specific set of them selected, the work needed to go through them may be considerable.