I'm currently playing around with FIM 2010 GAL Sync. As for now I still have some problems: from Forest A to Forest B provisioning works fine, from B to A does not work. Objects are present in the CS of A, but do not make it into the Active Directory. Perhaps something is wrong with the remote powershell to the Exchange 2010 utilities. Another problem I'm having is that my users from the other Forest, for whom I only want to use them for GAL sync are also getting provisioned in the Portal. Perhaps I could use a disconnector filter for that, but then I would have to get something I can filter on. DN is not there by default I think. But my actual question concerns an other issue: When I'm doing a delta sync with the MA of the FIM Service (portal) i'm getting a lot of extension-dll-exception The stack trace: Microsoft.MetadirectoryServices.NoSuchAttributeInObjectTypeException: Attribute "cn" is not usable with the object type in question. at Microsoft.MetadirectoryServices.Impl.EntryState.GetAttribute(String attributeName, IMacroCollectionBase collection) at Microsoft.MetadirectoryServices.GALSync.MVSynchronizer.AddOrRenameConnector(ConnectedMA& MA, GALMA& MAConfig, MVEntry mventry, CSEntry csentry) at Microsoft.MetadirectoryServices.GALSync.MVSynchronizer.Provision(MVEntry mventry) The problem here is, that the code trires to run the provisioning stuff for "ExpectedRuleEntries" which are being projected into the MV. Is this normal? I mean, does the foreseen galsync.dll code does not take this into account? Should I altered the galsync solution it's behaviour or is their an eassier way (no coding)? In my opinion the provision code should only do it's logic on person/groups/contacts but not on DRE/EREs. Any feedback is welcome. I have been googling this around, but whereas the setup is fairly wel documented, the combination of FIM GalSync and the Portal are new. I hope someone can help me. I inted to write some blogpost about it afterwards. I really think the amount of information on this subject is rather limited. Or I'm not looking in the right places. Kind regards, Thomas

Hi Thomas, You are going to need to modify the provisioning code in the Galsync dll. In the GALMV.vb file, find the Provision() method. Add the folowing code: Public Sub Provision( _ ByVal mventry As MVEntry) _ Implements IMVSynchronization.Provision Select Case mventry.ObjectType Case "expectedRuleEntry" ' Do Nothing Case "SomeOtherObjectYouWantToIgnore" 'Do Noting Case Else Dim i As Integer Dim MasterConnector As CSEntry = Nothing Dim MA As ConnectedMA Log("Entering provisioning for " & mventry.ToString) For Each MA In mventry.ConnectedMAs Dim csentry As CSEntry For Each csentry In MA.Connectors If csentry.ConnectionRule = RuleType.Projection Then MasterConnector = csentry End If Next Next '....... End Select

Makes sense. Thanks for the code snippet! Is there an easy way to develop code off-box? I mean withouth having to install Visual Studio on the Sync box...

You will need to copy the DLL's that are referenced in the project to your local machine. One you have built your DLL you need to copy it back to the FIM\2010\Sync\Extensions folder. I usually just install VS on my dev box. It makes it easier to debug the code if necessary. -Jeremy

For the reference I wrote a little summary about it: http://setspn.blogspot.com/2010/05/fim-gal-sync-and-fim-ma-eredre.html You changed the Case "ExpectedR... to Case "expectedR... ? Or I really need to get some sleep :) Thanks for the assistance.

Yep, I changed it after looking in the MV designer on my test box. -J

This topic is (very detailed) documented in Exchange Provisioning using ILM 2007 and FIM 2010. Cheers, MarkusMarkus Vilcinskas, Knowledge Engineer, Microsoft Corporation

Markus, I had already came across that article. While it is very (extremely) detailed, I think it mainly focusses on mailbox provisioning. I was really looking for some documentation explaining what is happing under the hood when 2 GAL MA's join/project stuff in the MV and more spefically how this interacts with what the FIM MA is doing round there. But perhaps these things are obvious for experienced FIM people. Regards, Thomas

Understanding Data Synchronization with External Systems. From the synchronization perspective, all management agents work the same way. Cheers, MarkusMarkus Vilcinskas, Knowledge Engineer, Microsoft Corporation