Duplicate user objects created in FIM metaverse
I have FIM 2010 RTM setup. All FIM roles with SQL DB installed on single m/c. MA are configured for AD & FIM. Everything was workign fine. First I have imported users from AD to FIM portal, then I have started with groups. Then I have configured outbound
sync rule for groups to update only members in AD.
Since last few days I am facing following errors while doing FIM MA export/Import.
FIM MA Import
exported-change-not-reimported
FIM MA Export Error
1) dn-attributes-failure
Fault Reason: The endpoint could not dispatch the request.
Fault Details: <DispatchRequestFailures xmlns="http://schemas.microsoft.com/2006/11/ResourceManagement" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:xsd="http://www.w3.org/2001/XMLSchema"><DispatchRequestAdministratorDetails><FailureMessage>Request
could not be dispatched.
Exception: Other
Stack Trace: Microsoft.ResourceManagement.WebServices.Exceptions.UnwillingToPerformException: Other ---&gt; System.Data.SqlClient.SqlException: Reraised Error 50000, Level 16, State 1, Procedure ReRaiseException, Line 31, Message: Reraised Error 50000,
Level 16, State 1, Procedure ReRaiseException, Line 31, Message: Reraised Error 8114, Level 16, State 5, Procedure GenerateRequestOutput, Line 363, Message: Error converting data type nvarchar to bigint.
at System.Data.SqlClient.SqlConnection.OnError(SqlException exception, Boolean breakConnection)
at System.Data.SqlClient.TdsParser.ThrowExceptionAndWarning(TdsParserStateObject stateObj)
at System.Data.SqlClient.TdsParser.Run(RunBehavior runBehavior, SqlCommand cmdHandler, SqlDataReader dataStream, BulkCopySimpleResultSet bulkCopyHandler, TdsParserStateObject stateObj)
at System.Data.SqlClient.SqlDataReader.ConsumeMetaData()
at System.Data.SqlClient.SqlDataReader.get_MetaData()
at System.Data.SqlClient.SqlCommand.FinishExecuteReader(SqlDataReader ds, RunBehavior runBehavior, String resetOptionsString)
at System.Data.SqlClient.SqlCommand.RunExecuteReaderTds(CommandBehavior cmdBehavior, RunBehavior runBehavior, Boolean returnStream, Boolean async)
at System.Data.SqlClient.SqlCommand.RunExecuteReader(CommandBehavior cmdBehavior, RunBehavior runBehavior, Boolean returnStream, String method, DbAsyncResult result)
at System.Data.SqlClient.SqlCommand.RunExecuteReader(CommandBehavior cmdBehavior, RunBehavior runBehavior, Boolean returnStream, String method)
at System.Data.SqlClient.SqlCommand.ExecuteReader(CommandBehavior behavior, String method)
at System.Data.SqlClient.SqlCommand.ExecuteReader()
at Microsoft.ResourceManagement.Data.DataAccess.DoRequestCreation(RequestType request, Guid cause, Guid requestMarker, Boolean doEvaluation, Int16 serviceId, Int16 servicePartitionId)
--- End of inner exception stack trace ---
at Microsoft.ResourceManagement.WebServices.RequestDispatcher.CreateRequest(CreateRequestDispatchParameter dispatchParameter)
at Microsoft.ResourceManagement.WebServices.RequestDispatcher.CreateRequest(UniqueIdentifier requestor, UniqueIdentifier targetIdentifier, OperationType operation, String businessJustification, List`1 requestParameters, CultureInfo locale, Boolean
isChildRequest, Guid cause, Boolean doEvaluation, Nullable`1 serviceId, Nullable`1 servicePartitionId)
at Microsoft.ResourceManagement.WebServices.RequestDispatcher.CreateRequest(UniqueIdentifier requestor, UniqueIdentifier targetIdentifier, OperationType operation, String businessJustification, List`1 requestParameters, CultureInfo locale, Boolean
isChildRequest, Guid cause, Boolean doEvaluation)
at Microsoft.ResourceManagement.WebServices.ResourceManagementService.Put(Message request)</FailureMessage><DispatchRequestFailureSource>Other</DispatchRequestFailureSource></DispatchRequestAdministratorDetails></DispatchRequestFailures>
2) failed-modification-via-web-services
Fault Reason: The request message contains errors that prevent processing the request.
Fault Details: <RepresentationFailures xmlns="http://schemas.microsoft.com/2006/11/ResourceManagement" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:xsd="http://www.w3.org/2001/XMLSchema"><AttributeRepresentationFailure><AttributeType>AccountName</AttributeType><AttributeValue></AttributeValue><FailureMessage>The
specified attribute value must be unique for this Resource Type.</FailureMessage><AttributeFailureCode>ValueViolatesUniqueness</AttributeFailureCode></AttributeRepresentationFailure></RepresentationFailures>
3) failed-creation-via-web-services
Fault Reason: The request message contains errors that prevent processing the request.
Fault Details: <RepresentationFailures xmlns="http://schemas.microsoft.com/2006/11/ResourceManagement" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:xsd="http://www.w3.org/2001/XMLSchema">
<AttributeRepresentationFailure><AttributeType>ObjectSID</AttributeType><AttributeValue></AttributeValue><FailureMessage>
The specified attribute value must be unique for this Resource Type.
</FailureMessage><AttributeFailureCode>ValueViolatesUniqueness</AttributeFailureCode></AttributeRepresentationFailure></RepresentationFailures>
It is updating most user & groups accounts in FIM portal. When I searched in metaverse I found that the objects for which the error is reported having two entries in Metaverse. I am not able to find out why it is giving errors for account name &
objectSid.
I have removed ad group outbound sync rule & FIM MA is configured for basic user & group Export attribute flow with two sync rule. but still no luck..
Any help on this is much appreciated. Thanks in advance..
Anand k
July 24th, 2010 1:16pm
Looks like the errors for ObjectSID and Name are also based on that fact that the ID's are not unique. Unfortunately I am not able to give you directions on what to change as I dont know your settings. You could use the PowerShell scripts in the FIM Knowledge
box to document your attribute flows in the sync rules and post them to the forum.
BrjannThis posting is provided "AS IS" with no warranties, and confers no rights
Free Windows Admin Tool Kit Click here and download it now
July 25th, 2010 3:23am
Hello Brjann
Thanks for your reply. Pls find the sync rule attribute flow. Pls let me know if this is correct..
Metaverse Attribute Flow Configuration for synchronizationRule
connectedObjectType, ranked
Management Agent
Object Type
Type
Source Attributes
FIMMA
SynchronizationRule
d
ConnectedObjectType
-
connectedSystem, ranked
Management Agent
Object Type
Type
Source Attributes
FIMMA
SynchronizationRule
d
ConnectedSystem
-
connectedSystemScope, ranked
Management Agent
Object Type
Type
Source Attributes
FIMMA
SynchronizationRule
d
ConnectedSystemScope
-
createConnectedSystemObject, ranked
Management Agent
Object Type
Type
Source Attributes
FIMMA
SynchronizationRule
d
CreateConnectedSystemObject
-
createILMObject, ranked
Management Agent
Object Type
Type
Source Attributes
FIMMA
SynchronizationRule
d
CreateILMObject
-
dependency, ranked
Management Agent
Object Type
Type
Source Attributes
FIMMA
SynchronizationRule
d
Dependency
-
disconnectConnectedSystemObject, ranked
Management Agent
Object Type
Type
Source Attributes
FIMMA
SynchronizationRule
d
DisconnectConnectedSystemObject
-
displayName, ranked
Management Agent
Object Type
Type
Source Attributes
FIMMA
SynchronizationRule
d
DisplayName
-
existenceTest, ranked
Management Agent
Object Type
Type
Source Attributes
FIMMA
SynchronizationRule
d
ExistenceTest
-
flowType, ranked
Management Agent
Object Type
Type
Source Attributes
FIMMA
SynchronizationRule
d
FlowType
-
ilmObjectType, ranked
Management Agent
Object Type
Type
Source Attributes
FIMMA
SynchronizationRule
d
ILMObjectType
-
initialFlow, ranked
Management Agent
Object Type
Type
Source Attributes
FIMMA
SynchronizationRule
d
InitialFlow
-
persistentFlow, ranked
Management Agent
Object Type
Type
Source Attributes
FIMMA
SynchronizationRule
d
PersistentFlow
-
precedence, ranked
Management Agent
Object Type
Type
Source Attributes
FIMMA
SynchronizationRule
d
Precedence
-
relationshipCriteria, ranked
Management Agent
Object Type
Type
Source Attributes
FIMMA
SynchronizationRule
d
RelationshipCriteria
-
synchronizationRuleParameters, ranked
Management Agent
Object Type
Type
Source Attributes
FIMMA
SynchronizationRule
d
SynchronizationRuleParameters
Metaverse Attribute Flow Configuration for person
accountName, equal
Management Agent
Object Type
Type
Source Attributes
ADMA
user
sr
sAMAccountName
-
csObjectID, ranked
Management Agent
Object Type
Type
Source Attributes
FIMMA
Person
d
dn
-
department, ranked
Management Agent
Object Type
Type
Source Attributes
ADMA
user
sr
department
-
displayName, equal
Management Agent
Object Type
Type
Source Attributes
ADMA
user
sr
displayName
-
domain, equal
Management Agent
Object Type
Type
Source Attributes
ADMA
user
sr
CustomExpression(IIF(Eq(Left(ConvertSidToString(objectSid),39),"S-1-5-21-2000478354-299502267-725345543"),"PERSISTENT","Unknown"))
-
firstName, equal
Management Agent
Object Type
Type
Source Attributes
ADMA
user
sr
givenName
-
jobTitle, ranked
Management Agent
Object Type
Type
Source Attributes
ADMA
user
sr
title
-
lastName, equal
Management Agent
Object Type
Type
Source Attributes
ADMA
user
sr
sn
-
mail, equal
Management Agent
Object Type
Type
Source Attributes
ADMA
user
sr
mail
-
mailNickname, ranked
Management Agent
Object Type
Type
Source Attributes
ADMA
user
sr
mailNickname
-
manager, equal
Management Agent
Object Type
Type
Source Attributes
ADMA
user
sr
manager
-
mobilePhone, ranked
Management Agent
Object Type
Type
Source Attributes
ADMA
user
sr
mobile
-
objectSid, ranked
Management Agent
Object Type
Type
Source Attributes
ADMA
user
sr
objectSid
-
officeLocation, ranked
Management Agent
Object Type
Type
Source Attributes
ADMA
user
sr
physicalDeliveryOfficeName
-
officePhone, ranked
Management Agent
Object Type
Type
Source Attributes
ADMA
user
sr
telephoneNumber
Metaverse Attribute Flow Configuration for group
accountName, equal
Management Agent
Object Type
Type
Source Attributes
ADMA
group
sr
sAMAccountName
-
csObjectID, ranked
Management Agent
Object Type
Type
Source Attributes
FIMMA
Group
d
dn
-
description, equal
Management Agent
Object Type
Type
Source Attributes
ADMA
group
sr
description
-
domain, equal
Management Agent
Object Type
Type
Source Attributes
ADMA
group
sr
Constant: PERSISTENT
-
mail, equal
Management Agent
Object Type
Type
Source Attributes
ADMA
group
sr
mail
-
mailNickname, equal
Management Agent
Object Type
Type
Source Attributes
ADMA
group
sr
mailNickname
-
member, equal
Management Agent
Object Type
Type
Source Attributes
ADMA
group
sr
member
-
membershipAddWorkflow, equal
Management Agent
Object Type
Type
Source Attributes
ADMA
group
sr
Constant: Owner Approval
-
membershipLocked, equal
Management Agent
Object Type
Type
Source Attributes
ADMA
group
sr
Constant: 0
-
owner, ranked
Management Agent
Object Type
Type
Source Attributes
ADMA
group
sr
managedBy
-
scope, equal
Management Agent
Object Type
Type
Source Attributes
ADMA
group
sr
CustomExpression(IIF(Eq(BitAnd(2,groupType),2),"Global",IIF(Eq(BitAnd(4,groupType),4),"DomainLocal",IIF(Eq(BitAnd(8,groupType),8),"Universal",""))))
-
type, equal
Management Agent
Object Type
Type
Source Attributes
ADMA
group
sr
CustomExpression(IIF(LessThan(groupType,0),"Security","Distribution"))
Anandk
July 27th, 2010 9:07am