updating the anchor value for SQL MA from FIM provisioning code

I'm provisioning a record from AD into a SQL table using FIM 2010 R2 Synchronization Engine.

The provisioning works fine. I'm taking the AD user object and FIM runs the provisioning code to create a record in SQL table. Here is my table design. Basically I'm taking the AD user and FIM is writing a record in SQL for that user. This part is working fine.

CREATE TABLE [dbo].[tbl_FGPP_Members](
	[MemberObjectGUID] [varbinary](50) NULL,
	[MemberDN] [nvarchar](255) NOT NULL,
	[MemberObjectType] [nvarchar](10) NOT NULL,
	[Member_ADDomain] [nvarchar](16) NULL,
	[Member_sAMAccountName] [nvarchar](64) NULL
) ON [PRIMARY]

So on FIM SQL management agent I'm using 'MemberDN' as the anchor attribute. I could have used MemberObjectGuid but for troubleshooting memberDN is better as it contains a string value (distinguished name of the user from AD).

When an AD account is renamed or moved within an AD domain, it's distinguishedName will change. Since MemberDN is the anchor which is taking the distinguishedName value from AD in the provisioning code, I cannot just create a flow rule to update it. I was told, I could write some code to update it from the MVExtension provisioning code. So here is how I'm trying to do it:

        void IMVSynchronization.Provision (MVEntry mventry)
        {
           ConnectedMA sqlFGPPUser;


            switch (mventry.ObjectType)
            {


                case "FGPPUser100":
                    sqlFGPPUser = mventry.ConnectedMAs["DGROUPS - USERS SQL MA"];
                    mvObjectType = "FGPP100SQLUser";

                    if (sqlFGPPUser.Connectors.Count == 0)
                    {
                        createFGPPUsersInSQL(mventry, sqlFGPPUser);
                    }

                    else if (sqlFGPPUser.Connectors.Count == 1)
                    {                        
                        updateFGPPUsersInSQL(mventry, sqlFGPPUser);                                            }
                    
break;
}



        void updateFGPPUsersInSQL(MVEntry mventry, ConnectedMA sqlFGPPUser)
        {
            CSEntry csentry;
            ReferenceValue dn;

            csentry = sqlFGPPUser.Connectors.ByIndex[0];
            dn = sqlFGPPUser.EscapeDNComponent(mventry["ADdistinguishedName"].Value);

            if (mventry["ADdistinguishedName"].Value.ToLower() != csentry.DN.ToString().ToLower())
            {
                try
                {
                    csentry.DN = dn;
                }
                catch (Exception Ex)
                {
                    throw new Exception("Exception Message: Exception encountered while renaming the MemberDN " + Ex.Message.ToString());
                }
            }
        }

However, when I rename the AD user and import and then run sync run profile, I get the following error:

System.Exception: Exception Message: Exception encountered while renaming the MemberDN attribute MemberDN is read-only
   at Mms_Metaverse.MVExtensionObject.updateFGPPUsersInSQL(MVEntry& mventry, ConnectedMA& sqlFGPPUser) in D:\FIM C# Code\FGPP100\FGPP100\MVExtension\MVExtension.cs:line 526
   at Mms_Metaverse.MVExtensionObject.Microsoft.MetadirectoryServices.IMVSynchronization.Provision(MVEntry mventry) in D:\FIM C# Code\FGPP100\FGPP100\MVExtension\MVExtension.cs:line 566

What am I doing wrong? :(


  • Edited by gtrivedi1980 Thursday, June 18, 2015 5:32 PM correction
June 18th, 2015 5:29pm

You can certainly do an advanced join on DN, but I highly advise you against as this may result on a bad j
Free Windows Admin Tool Kit Click here and download it now
June 21st, 2015 7:41am

No that is not the case. Join happens once. If there is already an object in mv that was joined prior, it remains joined no matter the changes are after. Only a change on anchor causes a new projection. In ADMA anchor is a guid that you cant change or controll. So joining is not going to
June 21st, 2015 12:46pm

This topic is archived. No further replies will be accepted.

Other recent topics Other recent topics