I am trying to take data from a SQL table (location and location ID) and make groups in AD based on these locations and then latter join them with people based on these locations via extension programming. So far I was able to import the data form the SQL table into the metaverse with no problems with a simple import MA. I created a new object called companyLocation and it has attributes called “location” and “locationID“ The attributes are getting populated into metaverse without any issues. My Location Import MA is as follows. SQL MV Location -> location LocationNumber -> locationID Now that I have this information in the MV I should be able to take the values from these attributes and flow them into AD to make the groups correct? I have an export MA set up with provision code to create the group based on examples from TechNet. Export attribute Flow AD MV Object type Group Object Type companyLocation samAccontName <- location grouptype <- Constant 2* description <- locationID My issue is when I run an export run profile it does not export or create the groups. We are using FIM 2010 using Synchronization service not FIM portal. I have been working on this for the last week on and off with no progress so any suggestions would be helpful . Joseph Noga MCITP, MCSE, MCSA, MCTS CCNA,CCDA,CCVP Practice Manager Artemis Technology LLC

Hi, There must be a sync operation (delta or full) that would create the group in the connector space. Once in the connector space, you can export it. Therefore your provisionning code must be triggered by something. You can also precreate the groups in AD,import them in the connector space and join them. Then standard attribute flow will populate them.Cordialement, Emmanuel Dreux http://www.bcpsoft.fr Formation FIM 2010

Double-click one of the companyLocation objects in the metaverse search pane. Click connectors and double-click the connector that represents the SQL data source. Now click Preview and then run a full synchronisation preview. What happens?

Thank you for the responses. @Paul When I run a full preview the preview completes successfully but there are no results or export attribute flow. @ilinfo I see what you are saying I am going to see if I can pre create the groups in AD to see how the join will work. But is there another way that I can trigger a join without having to pre-create the groups in AD? I am going to make an MA to read in the group data from AD to see if that will trigger the creation of the group. Joseph Noga MCITP, MCSE, MCSA, MCTS CCNA,CCDA,CCVP Practice Manager Artemis Technology LLC

Assuming you have created a metaverse object Type companyLocation, your provisionning code should look like this: ex: if( mventry.ObjectType == "companyLocation" ) { csentry = mventry.ConnectedMAs["Your AD MA"].StartNewConnector("group"); [...]} When a companyLocation object will be "touched" into the metaverse, this will trigger the provisionning function.Cordialement, Emmanuel Dreux http://www.bcpsoft.fr Formation FIM 2010

Yes you are correct. I have a new MV objectType called companyLocation with locationID and locaiton attributes. The MA_Group is where I am exporting from the MV to the AD. Here is my provision code. Try Select Case mventry.ObjectType.ToLower() Case "companyLocation" Dim connectedMA As ConnectedMA connectedMA = mventry.ConnectedMAs("MA_Group") If connectedMA.Connectors.Count < 1 Then Dim myContainer As String myContainer = "OU=FIM,dc=vmlab,dc=local" Dim myRDN As String myRDN = "CN=" & mventry("samAccountName").Value Dim myDN As ReferenceValue myDN = connectedMA.EscapeDNComponent(myRDN).Concat(myContainer) Dim csEntry As CSEntry csEntry = connectedMA.Connectors.StartNewConnector("group") End If csEntry.DN = myDN csEntry.CommitNewConnector() End Select Catch myEx As Exception Throw myEx End TryJoseph Noga MCITP, MCSE, MCSA, MCTS CCNA,CCDA,CCVP Practice Manager Artemis Technology LLC

myRDN = "CN=" & mventry("samAccountName").Value Based on your first post, the samAccountName attribute doesn't seam to exist in the schema of your companyLocation object. btw: Catch myEx As Exception Throw myEx is useless. Catch an exception if you can handle it, else , let it throw and go up. In you catch, you can for example log errors into a file or db and then throw it.Cordialement, Emmanuel Dreux http://www.bcpsoft.fr Formation FIM 2010

Thank you for the reply. I have created the groups in AD based on the information in my location table and now I get a join and attributes flow. Thank you for pointing out the code and the “samAccountName” attribute I will update these in my Lab and see what happens.Joseph Noga MCITP, MCSE, MCSA, MCTS CCNA,CCDA,CCVP Practice Manager Artemis Technology LLC

Since I created the groups in AD and they have been imported into the connector space and projected into the metaverse. I have been trying to write join rules for “mapping” the users of a specific location to a group of a common name. Example: If the City location of a user in AD is “Chicago” I would like then join them to a group that has the saMAccountName Chicago. When I look at the Join criteria I cannot for the life of me join a user to group? I am not sure where I need to place the join rules. Do I place the join rules on the group data source object or the user data source object? The attributes in the CS and MV have the right values I just can’t get my arms around joining these two different types of objects. The data is there I just can’t seem to make them connect. I have read the info on MIIS, and ILM around the different options pertaining to group population but they usually have SQL as an authoritative source where our source is AD with location info populated via HR database. Am I trying to do something here that is not possible or am I just going about it the wrong way? Joseph Noga MCITP, MCSE, MCSA, MCTS CCNA,CCDA,CCVP Practice Manager Artemis Technology LLC

On Wed, 1 Jun 2011 05:20:47 +0000, Joseph Noga wrote: When I look at the Join criteria I cannot for the life of me join a user to group? You're confused about the purpose of a Join operation. A join in FIM has nothing at all to do with adding members to a group. A join in FIM connects an object in an Ma's connector space with a corresponding object in the metaverse. Assume that I have an AD account and a Lotus Notes account. I run the AD MA which creates an object in the metaverse for my AD account (this is projection). Now I need to associate my Lotus Notes account with the metaverse object so I can do things like attribute flow. So, I configure my Notes MA with a join rule that somehow uniquely identifies both my Notes account and the corresponding metaverves object and FIM establishes a relationship between my Notes account object in the Notes Ma's connector space and the object in the metaverse, that is a join. Nothing at all to do with adding members to groups. Paul Adare MVP - Identity Lifecycle Manager http://www.identit.ca Downtime: Coffee breaks, lunch, or Friday mentality in the office.

Not that simple. Check the group Populator sample in this set of documents. http://www.microsoft.com/downloads/en/confirmation.aspx?FamilyId=15032653-D78E-4D9D-9E48-6CF0AE0C369C&displaylang=en This is for MIIS 2003, but the concept has not changed, and it's still working in ILM and FIM 2010. When you talked about a SQL database, I thought that it is what you had implemented. Cordialement, Emmanuel Dreux http://www.bcpsoft.fr Formation FIM 2010

Thanks for he follow up. I have downloaded the MIIS Tool kit that also contains the source code for the provisioning. I am going to develop this over the weekend to see what happens. Joseph Noga MCITP, MCSE, MCSA, MCTS CCNA,CCDA,CCVP Practice Manager Artemis Technology LLC