Joining by distinguished name using classical provisioning
I want to replicate an AD structure to ADAM, using classical provisioning. Since the source and the destination have the same structure, I would like to have a join rule that matches objects based on their distinguished name, but apparently this is not possible: the "join rule" dialog does not show the distinguished name among the data source attributes. Is this possible? Should I use a MA extension? Thanks, Paolo Paolo Tedesco - http://cern.ch/idm
October 30th, 2012 8:45am

You can use an MA Rules Extension. Flow the DN in from AD to an attribute then join on this. In the rules extension set the DN as one of the values to join on.
Free Windows Admin Tool Kit Click here and download it now
October 31st, 2012 10:40am

Hi Mark, The problem is that the DN is not selectable from the management agent attributes. I can create a rules extension project, and then inside the code I can use the DN of the CSEntry to join, but in the configuration what should I use? Picking a random attribute and then join using the DN from the code does not seem that good... Is there really no way to have a direct join based on DN? Thanks, PaoloPaolo Tedesco - http://cern.ch/idm
October 31st, 2012 12:10pm

It doesn't appear so. Pick an attribute that always has a value so the rule runs.
Free Windows Admin Tool Kit Click here and download it now
October 31st, 2012 12:35pm

Hello Paolo, Try the scenario using Rule Extension MapAttributeForJoin where the mapping source attribute is a random attribute - it works for me. void IMASynchronization.MapAttributesForJoin (string FlowRuleName, CSEntry csentry, ref ValueCollection values) { switch (FlowRuleName) { case "cd.user#1:sAMAccountName->MVDistinguishedName": values.Add(csentry.DN); break; } } Patrick. Patrick Layani
November 4th, 2012 11:19am

Hello Paolo, Try the scenario using Rule Extension MapAttributeForJoin where the mapping source attribute is a random attribute - it works for me. void IMASynchronization.MapAttributesForJoin (string FlowRuleName, CSEntry csentry, ref ValueCollection values) { switch (FlowRuleName) { case "cd.user#1:sAMAccountName->MVDistinguishedName": values.Add(csentry.DN); break; } } Patrick. Patrick Layani
Free Windows Admin Tool Kit Click here and download it now
November 4th, 2012 11:19am

Hi Patrick, Thanks for your answer. That's what we ended up doing :D Currently we're using the "cn" or "ou" attributes according to the object type. I just wanted to be sure that there are no inconveniences in mapping from a random attribute. Cheers, PaoloPaolo Tedesco - http://cern.ch/idm
November 5th, 2012 3:15am

This topic is archived. No further replies will be accepted.

Other recent topics Other recent topics