Publishing To Active Directory from Two Authoritative Data Sources
I am having problems while doing an export of records out to my FIMMA. When i run the export and i check my records all of them are blank. All I see on the page is displayName
= "no display name) and all other data empty.
I used the "How Do I Synchronize Users from Active Directory Domain Services to FIM" guide to first import all my existing records from AD into FIM. Once I did this I then
followed the "Introduction to Publishing To Active Directory from Two Authoritative Data Sources" guide to setup my other main data source.
I did notice a few differences in each guide. One being the "create resource in FIM" checkbox is left blank on the secondary guide. Would i need to remove this
once i have imported all of my AD records and am ready to use my other source? The other difference is that it ask for me to set the DN as an initial flow. Since the value will change depending on employeeType, would i still need to make it an initial
flow value since it will need to be modified depending on that field mentioned above.?
Then after this how would i deal with blank records?
Thanks,
August 31st, 2010 5:54pm
Would i need to remove this once i have imported all of my AD records and am ready to use my other source?
You need to tick the checkbox if you want that when a new object in the data source triggers the creation of an object in FIM.
DN as an initial flow. Since the value will change depending on employeeType, would i still need to make it an initial flow value since it will need to be modified depending on that field mentioned above.?
In order to create an object you must provide a DN for it. Maybe you could create two flows, one with 'initial flow only' and the other not.
How would i deal with blank records?
Check the attributes precedence in the Metaverse: you will see that FIM is on top, so when you create an object in FIM, the (empty) FIM value is taken. I'm sure the guide mentions this at some point.
Cheers,
PaoloPaolo Tedesco - http://cern.ch/idm
Free Windows Admin Tool Kit Click here and download it now
August 31st, 2010 6:06pm
Hi There,
Usually when the attributes are all empty in the FIM Portal the export attribute flow rules haven't been configured in the FIM MA. Verify that you have the outbound flows (arrows pointing to the left) configured properly for the MA to export the required
data to the fields.
Once you have all the rules in place, run a full synchronization and it should allow you to update the records in FIM Portal.
Regrettably, I haven't gone through the scenario guide that you have used and I don't know the whole scenario. I would assume however, that you would want to keep the "create object in FIM" selected if that source was going to continue to be an authoritative
source for objects. If you deselect it, the new objects created in the data source would not be brought into the environment, synchronized and output to the portal and other data sources in the environment.
Thanks.
B
August 31st, 2010 6:11pm