Hi,

We have user objects in the MV which we are trying to export to AD and are facing another problem:

• Error: constraint-violation
• A value for the attribute was not in the acceptable range of values.

How do we find out which attribute is causing this problem?

If I 'validate the object against the schema' it says "the required attribute 'cn' is missing".

I have just reviewed the MS "Introduction to User and Group Management" guide and the FIM 2010 MOC - and none of them say anything about the 'cn' attribute.

But anyhow, I exported MV 'accountname' to the AD 'cn' attribute and "the required attribute 'cn' is missing" went away....just left with the Constraints Violation...and in turn no AD accounts are being provisioned.

thanks

one of the attributes i was passing as a constant string value was the 'country/region' attribute. I removed that attribute flow and everything worked as planned.

• Marked as answer by D Wind Tuesday, February 22, 2011 11:16 AM

In case it helps anyone else, I ran into this issue when the source data had the full middle name in the initials. Putting in a check on length in the rules extension fixed it.

Thanks,

Sami

Also to help anyone else.  Flowing an attribute that exceeds the allowed length will cause the same issue in AD or ADLDS.  I had 3 users that had ridiculously long titles and it caused the same error.  Title in AD and ADLDS has a max length of 64.  So I updated my sync rule to chop it with a custom expression of Left(jobTitle,64) -> title.

Matt

• Edited by m_a_tt 14 hours 17 minutes ago

Also to help anyone else.  Flowing an attribute that exceeds the allowed length will cause the same issue in AD or ADLDS.  I had 3 users that had ridiculously long titles and it caused the same error.  Title in AD and ADLDS has a max length of 64.  So I updated my sync rule to chop it with a custom expression of Left(jobTitle,64) -> title.

Matt

• Edited by m_a_tt Thursday, June 18, 2015 5:07 PM