Filtering out users by email domain

Hi,

Apologies in advance, I have very basic knowledge of FIM Sync!

I have GALSync nicely configured to sync contacts from Domain A to Domain B.  This works perfectly and has helped a lot with our cross forest move.

However I now need to add Domain C into the mix which only needs certain users from Domain A syncing across (these do not need to be in Domain B).

I have tried adding a connector filter on Domain C's Management Agent as "Mail does contains certaindomain.com" however it will still sync all the unwanted contacts from Domain A.

How can I go about this?  Will I need to wait for us to finish the migration to domain B and then add the OU's I need?

Any help would be appreciated as I would like to start adding contacts into Domain C


  • Edited by traveyb1 Wednesday, February 04, 2015 10:59 PM
February 5th, 2015 1:59am

If you are using the FIM Portal and have created synchronization rules in the portal, you are doing codeless.  There are samples on the web.  I was not able to paste the screen shot.

In that case option 1 (set filter in outbound) applies.

If you have done provisioning in code, something like below, then you need to change this part.

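 void IMVSynchronization.Provision(MVEntry mventry)
 {
                // Provision only entries whose AD_DOMAIN attribute identifies Domain C.
                // The indexer returns an Attrib, so read .Value before calling ToLower().
                if (mventry["AD_DOMAIN"].Value.ToLower().Equals("domainc"))
                {
                            //Provision
                }
 }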

February 5th, 2015 9:53am

I am just using standard Forefront Identity Manager 2010 R2 running the Synchronization Service Manager console.
February 5th, 2015 12:16pm

Ok,

There is some code that comes with the GALSync.

1. Code is located %Program Files/Forefront Identity Manager/2010/Synchronization Service/SourceCode

2. Assuming no other customizations or code changes have been made, you should be able to Open "GALSync.sln" in Visual Studio and make the changes to GALMV.vb

3. Section you need to modify is below.  I am pasting the before and after changes code.

4. Rebuild the code and test the solution

------------------------Before--------------

Public Sub Provision( _
            ByVal mventry As MVEntry) _
            Implements IMVSynchronization.Provision

            Dim i As Integer
            Dim MasterConnector As CSEntry = Nothing
            Dim MA As ConnectedMA

            Log("Entering provisioning for " & mventry.ToString)

            For Each MA In mventry.ConnectedMAs
                Dim csentry As CSEntry
                For Each csentry In MA.Connectors
                    If csentry.ConnectionRule = RuleType.Projection Then
                        MasterConnector = csentry
                    End If
                Next
            Next

            '
            ' For every MA, try to add a csentry, if there is not already one
            '
            For i = 0 To galMAs.Length - 1

                MA = mventry.ConnectedMAs(galMAs(i).MAName)
                If 0 = MA.Connectors.Count Then
                    '
                    ' If there were no connectors, then we are going to add one
                    '
                    AddOrRenameConnector(MA, galMAs(i), mventry)

                ElseIf 1 = MA.Connectors.Count Then
                    '
                    ' If there is one connector,
                    ' - if it is the master object connector then it is ok.
                    ' - if it is a replica object, then check for rename.
                    ' - if it is a join object outside the Synchronization
                    '   OU, then it is a problem, log it
                    '
                    Dim csentry As CSEntry = MA.Connectors.ByIndex(0)
                    If IsInSynchronizationOU(csentry) Then
                        AddOrRenameConnector(MA, galMAs(i), mventry, csentry)
                    Else
                        If Not csentry Is MasterConnector Then
                            '
                            ' This object has joined.
                            '
                            Dim LogString As String = _
                            "A contact for this object " _
                            & MasterConnector.ToString _
                            & " called contact " & csentry.ToString _
                            & " already exists in forest represented by MA " _
                            & MA.Name _
                            & ". If you would like to preserve this " _
                            & "contact and have us manage it, please " _
                            & "move the contact into Synchronization OU. " _
                            & "If you would like us to create " _
                            & "a new contact and manage it, " _
                            & "please delete this one."

                            Log(LogString)
                        End If
                    End If
                Else

                    '
                    ' We have more than one connector under the same MA,
                    ' print an error message.
                    '
                    Dim csentry As CSEntry
                    Dim index As Integer
                    Dim countCsRemaining As Integer = 0
                    Dim contactOutsideSyncOU As Boolean = False

                    Dim LogString As String = _
                        "Multiple or outside-synchronizaiton-OU " _
                        & "connector(s) for the MV object " _
                        & MasterConnector.ToString _
                        & "exist, they are: "

                    For index = MA.Connectors.Count - 1 To 0 Step -1

                        csentry = MA.Connectors.ByIndex(index)

                        If csentry.ConnectionRule = RuleType.Provisioning Then
                            Log("Disconnecting provisioned " & csentry.ToString)
                            csentry.Deprovision()
                        Else
                            countCsRemaining = countCsRemaining + 1
                            LogString = LogString & csentry.ToString _
                                & " lives in forest connected by " _
                                & MA.Name & " "
                            If Not IsInSynchronizationOU(csentry) _
                                AndAlso csentry.ObjectType = CONTACT Then
                                contactOutsideSyncOU = True
                            End If
                        End If
                    Next

                    '
                    ' If we end up with more than one connector, or
                    ' any contact outside synchronization OU,
                    ' we want to log a warning message
                    '
                    If (countCsRemaining > 1) _
                        OrElse (True = contactOutsideSyncOU) Then
                        LogString = LogString _
                            & ". Please refer to documentation " _
                            & "to resolve the conflict."
                        Log(LogString)
                    End If
                End If
            Next

        End Sub

------------------------After----------------

 Public Sub Provision( _
            ByVal mventry As MVEntry) _
            Implements IMVSynchronization.Provision

            Dim i As Integer
            Dim MasterConnector As CSEntry = Nothing
            Dim MA As ConnectedMA

            Log("Entering provisioning for " & mventry.ToString)

            For Each MA In mventry.ConnectedMAs
                Dim csentry As CSEntry
                For Each csentry In MA.Connectors
                    If csentry.ConnectionRule = RuleType.Projection Then
                        'Nosh Code Added.  DOMAIN_C_ATT_NAME=Name of your attribute that identifies the users to be filtered

                        If mventry("DOMAIN_C_ATT_NAME").ToLower().Equals("something") Then
                            'End Of Nosh Code Added

                            MasterConnector = csentry
                            'Nosh Code Added
                        End If
                        'End of Nosh Code Added


                    End If
                Next
            Next

            '
            ' For every MA, try to add a csentry, if there is not already one
            '
            For i = 0 To galMAs.Length - 1

                MA = mventry.ConnectedMAs(galMAs(i).MAName)
                If 0 = MA.Connectors.Count Then
                    '
                    ' If there were no connectors, then we are going to add one
                    '
                    AddOrRenameConnector(MA, galMAs(i), mventry)

                ElseIf 1 = MA.Connectors.Count Then
                    '
                    ' If there is one connector,
                    ' - if it is the master object connector then it is ok.
                    ' - if it is a replica object, then check for rename.
                    ' - if it is a join object outside the Synchronization
                    '   OU, then it is a problem, log it
                    '
                    Dim csentry As CSEntry = MA.Connectors.ByIndex(0)
                    If IsInSynchronizationOU(csentry) Then
                        AddOrRenameConnector(MA, galMAs(i), mventry, csentry)
                    Else
                        If Not csentry Is MasterConnector Then
                            '
                            ' This object has joined.
                            '
                            Dim LogString As String = _
                            "A contact for this object " _
                            & MasterConnector.ToString _
                            & " called contact " & csentry.ToString _
                            & " already exists in forest represented by MA " _
                            & MA.Name _
                            & ". If you would like to preserve this " _
                            & "contact and have us manage it, please " _
                            & "move the contact into Synchronization OU. " _
                            & "If you would like us to create " _
                            & "a new contact and manage it, " _
                            & "please delete this one."

                            Log(LogString)
                        End If
                    End If
                Else

                    '
                    ' We have more than one connector under the same MA,
                    ' print an error message.
                    '
                    Dim csentry As CSEntry
                    Dim index As Integer
                    Dim countCsRemaining As Integer = 0
                    Dim contactOutsideSyncOU As Boolean = False

                    Dim LogString As String = _
                        "Multiple or outside-synchronizaiton-OU " _
                        & "connector(s) for the MV object " _
                        & MasterConnector.ToString _
                        & "exist, they are: "

                    For index = MA.Connectors.Count - 1 To 0 Step -1

                        csentry = MA.Connectors.ByIndex(index)

                        If csentry.ConnectionRule = RuleType.Provisioning Then
                            Log("Disconnecting provisioned " & csentry.ToString)
                            csentry.Deprovision()
                        Else
                            countCsRemaining = countCsRemaining + 1
                            LogString = LogString & csentry.ToString _
                                & " lives in forest connected by " _
                                & MA.Name & " "
                            If Not IsInSynchronizationOU(csentry) _
                                AndAlso csentry.ObjectType = CONTACT Then
                                contactOutsideSyncOU = True
                            End If
                        End If
                    Next

                    '
                    ' If we end up with more than one connector, or
                    ' any contact outside synchronization OU,
                    ' we want to log a warning message
                    '
                    If (countCsRemaining > 1) _
                        OrElse (True = contactOutsideSyncOU) Then
                        LogString = LogString _
                            & ". Please refer to documentation " _
                            & "to resolve the conflict."
                        Log(LogString)
                    End If
                End If
            Next

        End Sub

February 5th, 2015 12:36pm

Hi Nosh,

Thanks for that, makes perfect sense now!

I have tried adding this except I get an exception within VS.

If mventry("mail").ToLower().Contains("domain.com")) Then

It says: ToLower is not a member of the 'Microsoft.MetadirectoryServices.Attrib'

I changed it to: ToString however I now get an exception running a full sync:

 System.NullReferenceException: Object reference not set to an instance of an object.
   at Microsoft.MetadirectoryServices.GALSync.Synchronizer.GetConfigurationData() in C:\Program Files\Microsoft Forefront Identity Manager\2010\Synchronization Service\SourceCode\GalSync - Copy\GALUtil.vb:line 523
   at Microsoft.MetadirectoryServices.GALSync.MASynchronizer.Initialize() in C:\Program Files\Microsoft Forefront Identity Manager\2010\Synchronization Service\SourceCode\GalSync - Copy\GALMA.vb:line 19



February 5th, 2015 5:42pm

Sorry, there is a missing part (.Value).

Here is the correct one.

mventry("mail").Value.ToLower.Contains("domain.com")

February 5th, 2015 5:44pm

Ok thanks Nosh, I presume I need to use this DLL with the MA I do not want to sync the specified domain to?  And use the original DLL with the others?
February 6th, 2015 5:59am

There is only one dll of this kind. This takes care
February 6th, 2015 8:24am

Ok thanks very much.  What does the code do exactly?  I've re-added the MA that domain C however nothing is going in or out of it since this code change
February 6th, 2015 11:54am

This is the provisioning code, referred to as provisioning DLL.

It is really hard to assist with the limited amount of information and the fact that you are not familiar with the product. 

This code "mventry("mail").Value.ToLower.Contains("domain.com")" says that only users whose mail contains domain.com can be provisioned.  If you want to filter them, you need to say

if not mventry("mail").Value.ToLower.Contains("domain.com") - which means all others but the users whose mail contains domain.com

February 6th, 2015 12:13pm

Ok thanks I understand that bit now however I presume this is now set across every MA I have configured?
I will try and explain it again.

We have FIM 2010 R2 installed and using the sync service exclusively to create cross forest contacts to aid us in a cross forest Exchange migration.  This is a straight out of the box install using the GAL MA.

We are migrating from Domain A (which hosts say domaina.com/domain1.com/domain2.com/domain3.com) to Domain B (which hosts domaina.com/domain1com/domain2.com) and also to domain C (which hosts domain3.com).  Domain B and C are not linked and do need another contacts synced to them aside from their respective domains.

I have created the first MA for Domain A.  Select the OU's I need, the email domains it hosts and  everything works as expected.  I then created the second MA for Domain B.  Selected a single OU for the GALsync contacts, added the email domains and this works great also.  The contacts that were generated from the first MA for Domain A sync fine into Domain B.

Now I need to add Domain C into the mix.  I do not want any of the contacts generated by Domain A's MA syncing into Domain C's MA.  I want to select the OU's I need in Domain A's MA and then presumably filter out the mail addresses to only allow users with domain3.com addresses.

I hope this makes sense and the issue I have clearer?
I really appreciate your help so far, please let me know if you need any more info.

I am essentially doing what is being done here:

http://www.msexchange.org/articles-tutorials/exchange-server-2010/migration-deployment/deep-dive-into-rich-coexistence-between-exchange-forests-part4.html


  • Edited by traveyb1 17 hours 3 minutes ago
February 6th, 2015 1:42pm
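
The per-MA question raised above, as an added example that is not part of the thread or of the GALSync source: a single test in the provisioning DLL applies to every MA, and `Contains("domain.com")` is a substring match, so a per-target allow-list with an exact match on the domain part is tighter. The names `MayProvision` and `AllowedDomains` and the MA names are hypothetical, and the call site noted in the comments is an assumption.

```vb
Imports System
Imports System.Collections.Generic

Module MailDomainFilter
    ' Hypothetical allow-list: target MA name -> mail domains that MA may receive.
    ' MA names are placeholders; the domains follow the thread's description.
    Private ReadOnly AllowedDomains As New Dictionary(Of String, String())(
        StringComparer.OrdinalIgnoreCase) From {
        {"Domain B GALMA", New String() {"domaina.com", "domain1.com", "domain2.com"}},
        {"Domain C GALMA", New String() {"domain3.com"}}
    }

    ' True only when the text after the last "@" equals an allowed domain
    ' for that MA. A substring test would also accept look-alike domains.
    Public Function MayProvision(maName As String, mail As String) As Boolean
        Dim domains As String() = Nothing
        If String.IsNullOrEmpty(maName) _
            OrElse Not AllowedDomains.TryGetValue(maName, domains) Then
            Return False ' unknown MA: provision nothing
        End If
        If String.IsNullOrEmpty(mail) Then Return False

        Dim atPos As Integer = mail.LastIndexOf("@"c)
        If atPos <= 0 OrElse atPos = mail.Length - 1 Then Return False

        Dim mailDomain As String = mail.Substring(atPos + 1).Trim()
        For Each allowed As String In domains
            If String.Equals(mailDomain, allowed,
                             StringComparison.OrdinalIgnoreCase) Then Return True
        Next
        Return False
    End Function

    ' Assumed call site (not from the GALSync source): inside Provision's
    ' "For i = 0 To galMAs.Length - 1" loop, skip the MA unless
    ' mventry("mail").IsPresent AndAlso
    ' MayProvision(galMAs(i).MAName, mventry("mail").Value).
    Sub Main()
        ' Constructed sample addresses.
        Dim samples As String() = {
            "alice@domain3.com", "bob@DOMAIN1.com",
            "carol@domain3.com.example.net", "dave@notdomain3.com",
            "domain3.com@domaina.com", "no-at-sign"}
        For Each m As String In samples
            Console.WriteLine("{0,-32} B={1,-5} C={2}", m,
                MayProvision("Domain B GALMA", m),
                MayProvision("Domain C GALMA", m))
        Next
    End Sub
End Module
```

Of the constructed samples, only `alice@domain3.com` passes for the Domain C MA; the two look-alike domains and the address with `domain3.com` in its local part, which a substring test would accept, are rejected.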


This topic is archived. No further replies will be accepted.
