Struggling with provisioning with code, not the portal.
Hi all.We've come to the realisation that on account of additional CAL licensing being required when installing the portal (even if the students cannot access it because it's only used for codeless provisioning) we cannot use the codeless provisioning. This means I'm now in the position of having uninstalled the Service and Portal option, and am just running the Synchronisation Service and need to code to provision users from SQL into AD.I've been following an old Word document titled "Synchronising SQL Server objects into Active Directory", but I'm not having any luck.Using the example code from that document (around page 46) ended up throwing dll exceptions on the SQL MA Synchronise until I commented out that final Throw meErr statement (because sAMAccountName isn't part of our SQL Server table, nor should it need to be). This at least helps me understand that this DLL is run against all MAs, not just the MA you want it to. Furthermore, when I run the AD MA, I get nothing matching. The Synchronisation task simply comes back with no matches.With that in mind, I havea fewquestions:1. How do you determine within the Provision function what MA has called it, so I can bail straight out of it unless it's the MA that's supposed to call it?2. Why is the "Configure rules extension for the management agent" option in the Configure Extensions tab greyed out, since I'm guessing being able to specify it here instead of in the global configuration (Tools | Options) would allow me to not have to write additional code to detect if it's running under an MA it's not meant to run under?3. Why wouldn't the example in the document be provisioning anything? Despite not having the portal, do I still need to have a FIM MA configured? I thought it only served to provision users into the portal.For reference, here's the code I've been using: Public Sub Provision(ByVal mventry As MVEntry) Implements IMVSynchronization.Provision ' TODO: Remove this throw statement if you implement this method ' Throw New EntryPointNotImplementedException() Try Dim cMA As ConnectedMA cMA = mventry.ConnectedMAs("AD - Students") If cMA.Connectors.Count < 1 Then Dim adContainer As String If (mventry("employeeType").Value = "Staff") Then adContainer = "OU=Users,OU=Staff,OU=Notre Dame,DC=nd,DC=edu,DC=au" Else adContainer = "OU=Users,OU=Students,OU=Notre Dame,DC=nd,DC=edu,DC=au" End If Dim oRDN As String oRDN = "CN=" & mventry("sAMAccountName").Value Dim oDN As ReferenceValue oDN = cMA.EscapeDNComponent(oRDN).Concat(adContainer) Dim csEntry As CSEntry csEntry = cMA.Connectors.StartNewConnector("user") csEntry.DN = oDN csEntry.CommitNewConnector() End If Catch oError As Exception ' Throw oError End Try End Sub Cheers,Lain
December 11th, 2009 8:41am

You really need to get down to basics and understand how all this works. I suggest going through the walkthroughs such as this one: http://technet.microsoft.com/en-us/library/cc720671(WS.10).aspx. Don't worry that it says MIIS 2003 - the concepts are exactly the same. I also wrote some posts on my blog which may help: http://www.wapshere.com/missmiis/new-to-ilm-start-hereThe Metaverse extension runs against all objects in the metaverse. You sync from a MA, but it follows all the CS objects to their joined metaverse objects and then it syncs the metaverse objects, and any other CS objects they are joined to in other MAs. There is no concept of just restricting a sync to one MA. What you should do is test for object type as the first line in your Provision sub. I tend to do this sort of this:SelectCasemventry.ObjectType Case "Person"Provision_AD_Account(mventry) Provision_HomeFolder(mventrs) Case "group" Provision_AD_GroupEnd SelectAnd then I have a seperate sub-routine for each particular provisioning case, which is only ever called for the selected object type.HTH,Carolhttp://www.wapshere.com/missmiis
Free Windows Admin Tool Kit Click here and download it now
December 11th, 2009 3:27pm

Okay, the Select block is fine - that's at least something familiar in a foreign world.An afterthought that crept up as I was on my way home this afternoon though was, do I have to write code for every method, or can I get away with just overriding the Provision method? I'm trying to reconcile why when I followed the example in the document that I listed earlier it didn't seem to do anything at all - not even produce an error when I went out of my way to misspell the name of an attribute.I'll take a look at the link later today. Given it's 1:20am, I don't think I can digest anymore for one day. Thanks for the assistance, Carol.Cheers,Lain
December 11th, 2009 8:30pm

This topic is archived. No further replies will be accepted.

Other recent topics Other recent topics