Not sure where to go with this. I'm getting several identical errors (cd-error) when exporting my groups to BHOLD. The error message doesn't contain a stack trace. But, I did configure logging for BHOLD.  BHOLD is reporting this error when an export is run:

Sql Exception Encountered

Stack: System.Data.SqlClient.SqlException (0x80131904): Reraised Error 2627, Level 14, State 1, Procedure tasks_INSERT_QueueManagementTrigger, Line 16, Message: Violation of UNIQUE KEY constraint 'PermissionNameApplicationId'. Cannot insert duplicate key in object 'dbo.Permissions'. The duplicate key value is (InvestmentStrategies, 2).
   at System.Data.SqlClient.SqlCon ..... <bla-bla-bla>

followed by a list of group names similar to this:

Base Table:
ObjectIdentifier bholdDescription bholdTaskName bholdMaxRoles bholdMaxUsers bholdAuditAction bholdAuditAlertMail ApplicationDescription 
0 Network Configuration Operators Network Configuration Operators     Active Directory 

1 Performance Log Users Performance Log Users     Active Directory 

I tried to delete this group in BHOLD-Core, but the group name doesn't show up in my search.  So, I'm stuck.   I can't get anything to process in BHOLD.  And, I have no idea how to fix this.

Any suggestions?  I going to open up a support incident soon.  This is wearing my patience.

Thanks,

Greg

Greg,

Do you have any historical data for this? Meaning was a group previously created in the UI for BHOLD core and then later deleted? I have seen some customers receive similar error, but so far have not been able to get exact steps that were taken before this happened. I suspect it has to do with using different methods to bring in permissions/groups to BHOLD other then using Access Mangement connector, using either Model Generator, BHOLD core UI, scripting service, etc.....I'm pretty sure the export for the Access Management connector uses a different methodology, and therefore different SPROCs in SQL, of adding objects to BHOLD.

Glenn,

History...

The groups were originally created using a database as a source and the BHOLD connector.  They were originally created in the metaverse, AD and BHOLD using an integer value (groupId) as the key.  A database contained the groups and was used as the source for the initial group load.  The imported attributes where groupId and groupName.  This worked well,  role/permission/user assignments were imported from BHOLD and exported to AD.  No issues.  We did not have an extensive amount of assignments configured in BHOLD.  Just a few to make sure it worked.  The steps to completely configure it were to be done after some analysis and discovery by the "owners" of the groups.

Next, the decision was made to move the creation authority for groups from the database to the FIM Portal.  Not wanting to delve into the treachery that is modifying RCDCs, we decided to change the key from the groupId to the group name (displayName, sAMAccountName, etc.) and drop the groupId attribute all together.  It is understood that this method will not allow group name changes, but we were fine with that.  That change was successfully implemented in the database (removal of the connector/MA), FIM Portal, metaverse and AD.  All aspects of group management outside of BHOLD work well. 

I'm trying to recall when exactly I started seeing this error, I am certain it was after the change to the group key from its Id to its name was made.  However, the groupId was never exported to BHOLD.  Only the group name.  There's not much technical documentation on the inner workings that's easily locatable, so I stayed "in-the-box" following examples from the labs I could locate.

As I was trying to troubleshoot this, I ran across a post containing the code to enable BHOLD logging.  I made those changes to the appropriate diagnostics section.  It was when examining that log file that I discovered the duplicate key issue.  Thinking that maybe BHOLD was confused and was not recognizing the existing groups, I went to the GUI and deleted all the groups that were listed in the log file.  That did not fix the issue.

I'm a database guy, so I'm not scared to get into a database and look around.  But, I didn't spend a lot of time digging around.  I did find one place where group names were listed and verified that the groups I deleted in the GUI were indeed gone. 

But, I'm still getting that error.

I hope that helps,

Greg