Clean Export for MV
I am having issues with old exports to MV. I am having the same issues as this thread:
http://social.technet.microsoft.com/Forums/en-US/ilm2/thread/d6408dd8-ae66-4f5b-8fb9-edae45c0396d. However, there is no response on how to clean the old exports since I have updated the sync rules with all the correct group attribtues. Anyway to delete
the old exports giving me errors so I can run a clean export to MV?
June 4th, 2010 7:32pm
You could delete the content of the connector space.
Cheers,
Markus
Markus Vilcinskas, Knowledge Engineer, Microsoft Corporation
Free Windows Admin Tool Kit Click here and download it now
June 12th, 2010 4:15pm
Ok, I deleted the space and seem to get the same error so I must have my groups set up incorrectly. Here is what I have for inbound sync rule:
IIF(Eq(BitAnd(2,groupType),2),"Global",IIF(Eq(BitAnd(4,groupType),4),"DomainLocal","Universal")) = scope
IIF(Eq(BitOr(14,groupType),14),"Distribution","Security") = type
false = membershiplocked
none = memberaddflow
NETBIOSNAME = domain
Then for the Configure Attributes Flow for groups in the FIM Service MA, not AD MA, I have this configured:
Import:
Data Source : Metaverse
Membershiplocked = membershiplocked
Memberaddflow = memberaddflow
Domain = domain
Scope = scope
Type = type
I do a Full Import and Sync, then an export. The export says:
Required attribute "Domain" missing. Then the other missing attribute errors...
The "Domain" is capitalized, I am not sure what I am missing here to get this from not erroring out on the web service during an export.
Thanks.
June 14th, 2010 7:00am
NETBIOSNAME = domain
Does this mean, you are flowing "NETBIOSNAME" as value for the domain attribute?
If so, I doubt a bit that this is the right value.
The value of this attribute is the nETBIOSName of the domain a resource belongs to.
You can use this
script to see what the value of this attribute should be.
Please see
How Do I Synchronize Users from Active Directory Domain Services to FIM for more details.
Cheers,
Markus
Markus Vilcinskas, Knowledge Engineer, Microsoft Corporation
Free Windows Admin Tool Kit Click here and download it now
June 14th, 2010 10:39am
NetBiosName is the Domain name. I did not want to provide my domain for the example.
The user syncrhonization is fine.
I deleted all the AD and MA connector spaces. However, I am getting errors with the below for the groups:
Membershiplocked
Memberaddflow
Domain
Scope
Type
I have followed this document,
http://social.technet.microsoft.com/Forums/en/ilm2/thread/e6a09fa9-e8bc-4fd1-bc19-b07c21375ee3, but still receive the errors.
June 14th, 2010 7:54pm
NetBiosName is the Domain name. I did not want to provide my domain for the example.
Just making sure - it will have to be the valid value for your objects.
It just seems to be an odd name for a domain :-)
Since you still get the error for all these attributes, you should do a connector space search and verify whether these attributes are set on the affected group objects in the
FIM connector space.
Instructions for verifying whether your objects have the required attribute values are in the
Introduction to Inbound Synchronization and
Introduction to Outbound Synchronization.
Cheers,
Markus
Markus Vilcinskas, Knowledge Engineer, Microsoft Corporation
Free Windows Admin Tool Kit Click here and download it now
June 14th, 2010 8:12pm
Followed, these except outbound. I am not doing any outbound synchronization to Active Directory. I just want to get the groups into the FIM MA. When I do a search on the FIM Service MA, I can see the the group but when I validate the object schema it
gives me the errors that the attributes for the groups are not there, so the export errors for the FIM Service MA. Even when I look in the Metaverse Designer and look at the attributes for the groups they have a precedent set to 1. I can even search
the Metaverse and find the groups but the object schema still has errors. Do I need to create an outbound syncrhonization rule for groups?
Also, if I look at the AD connector space and do a preview and drill down to Connector Update > Export Attribute Flow, I receive a bunch of these for the groups:
Skipped: Not Precedent,membershipAddWorkflow,Direct,MembershipAddWorkflow,,(Deleted)
Skipped: Not Precedent,membershipLocked,Direct,MembershipLocked,,(Deleted)
etc..
June 14th, 2010 8:50pm
This means that you must have import attribute flow mappings configured for these attributes on your FIM MA.
Remove these flow mappings, and then run a full synchronization on your FIM MA.
About Attribute Flow Precedence.
Cheers,
Markus
Markus Vilcinskas, Knowledge Engineer, Microsoft Corporation
Free Windows Admin Tool Kit Click here and download it now
June 14th, 2010 9:42pm
Ok, I got the errors resolved. I had the Configure Attribute Flow incorrect in the FIM Service MA. The group attributes where from Data Attribute Source to Metaverse. Since I do not have these defined in AD it was erroring. Therefore
my synchronization rule would not supply the FIM Service MA the group attributes, it was wanting the attribute flow to already have the attribute.
June 14th, 2010 10:10pm