User Already in AD cannot autneticate in ILM Protal
Hi,I have Few users added in AD which were present before deploying ILM. now i have an issue that those users does have access to ILM portal. So i added thoses users in ILM portal & they got access to portal. Now added few more users via ILM portal, and run Run Profiles, getting duplicate entries in AD for those users who were previously present with one more space between FirstName and LastName. and getting MA sync error "cd-existing-object"Also if i delete user from ILM portal it is not automatically getting deleted in ILM portal.Does it require any more Attribute flow or any other changed in MA.Please help me .Thanks in Advance. :)Mohit Goyal
June 24th, 2009 10:58am

Hi Mohit. you should import the pre-ILM users to the metaverse with an inbound rule, and then export them to ILM, rather than adding them manually to the ILM portal. If you configure the inbound flow correctly, the users will get access to the portal. What do you mean with "Also if i delete user from ILM portal it is not automatically getting deleted in ILM portal"? are you getting an error when you delete a user? Cheers, Paolo
Free Windows Admin Tool Kit Click here and download it now
June 24th, 2009 2:20pm

No i am not getting error, rather when i am deleting any user from ILM portal, and then i sync it with AD to get changes effective, it is not and i get (Unknown Name) user added to ILM portal User list.just wanted to check (if it is correct) the sequence of Run profile every time any change has occured in ILM:first run ILM MA :- Full ImportFull SyncExportDelta ImportThen run AD MA:-ExportDelta ImportMohit Goyal
June 24th, 2009 2:55pm

Mohit,full imports are only necessary to initialize an environment.After the first full import, you can move on with delta imports.The same applies to synchronization runs.A full sync is only necessary when you have updated your synchronization rules.In an initialized environment, you should use delta syncs.Cheers,MarkusMarkus Vilcinskas, Technical Content Developer, Microsoft Corporation
Free Windows Admin Tool Kit Click here and download it now
June 24th, 2009 5:44pm

My question still stands, WHile i delete user from ILM Portal and then i run Run Profiles, it should automatically remove those users from AD also but it is not happening. As per your suggestions, i followed run profiles as follows:-ILM MA:-Delta ImportDelta SyncExportDelta ImportAD MA:-ExportDelta ImportThis should do all updated in ILM and AD vice versa but not happening.Mohit Goyal
June 25th, 2009 10:02am

Hi Mohit, to get the users deleted from AD you must configure the deprovisioning rules in the AD Management Agent: Agent properties -> Configure Deprovisioning -> Stage a delete on the object for the next export run Be careful with that, anyway: what if a mistake happens somewhere (you delete the wrong user from the ILM portal, the HR department deletes the wrong person) and you delete an account from Active Directory? I think it would be safer not to delete accounts automatically , maybe just disable them... Cheers, Paolo
Free Windows Admin Tool Kit Click here and download it now
June 25th, 2009 10:59am

Hello Mohit,I had the same issue (Unknown name) accounts generated in the ILM Portal. I solved the problem by adjusting the attribute precedence in Metaverse Designer. I had to set the orderof thesource ma before the ILM ma.
June 27th, 2009 1:32am

You might want to take a look at Understanding Deletions in ILM.This will hopefully give you a better understanding of how they are processed.It is hard to explain the deletion process in one or two sentences, which is why I wrote the article.Cheers,MarkusMarkus Vilcinskas, Technical Content Developer, Microsoft Corporation
Free Windows Admin Tool Kit Click here and download it now
June 27th, 2009 2:08am

This topic is archived. No further replies will be accepted.

Other recent topics Other recent topics