I'm provisioning a record from AD into a SQL table using FIM 2010 R2 Synchronization Engine.
The provisioning works fine. I'm taking the AD user object and FIM runs the provisioning code to create a record in a SQL table. Here is my table design. Basically I'm taking the AD user and FIM is writing a record in SQL for that user. This part is working fine.

    CREATE TABLE [dbo].[tbl_FGPP_Members](
        [MemberObjectGUID] [varbinary](50) NULL,
        [MemberDN] [nvarchar](255) NOT NULL,
        [MemberObjectType] [nvarchar](10) NOT NULL,
        [Member_ADDomain] [nvarchar](16) NULL,
        [Member_sAMAccountName] [nvarchar](64) NULL
    ) ON [PRIMARY]

So on the FIM SQL management agent I'm using 'MemberDN' as the anchor attribute. I could have used MemberObjectGUID, but for troubleshooting MemberDN is better, as it contains a string value (the distinguished name of the user from AD).
When an AD account is renamed or moved within an AD domain, its distinguishedName will change. Since MemberDN is the anchor, which takes the distinguishedName value from AD in the provisioning code, I cannot just create a flow rule to update it. I was told I could write some code to update it from the MVExtension provisioning code. So here is how I'm trying to do it:

    void IMVSynchronization.Provision (MVEntry mventry)
    {
        ConnectedMA sqlFGPPUser;

        switch (mventry.ObjectType)
        {
            case "FGPPUser100":
                sqlFGPPUser = mventry.ConnectedMAs["DGROUPS - USERS SQL MA"];
                mvObjectType = "FGPP100SQLUser";
                if (sqlFGPPUser.Connectors.Count == 0)
                {
                    // No connector yet: create the SQL record
                    createFGPPUsersInSQL(mventry, sqlFGPPUser);
                }
                else if (sqlFGPPUser.Connectors.Count == 1)
                {
                    // Connector exists: try to update its DN
                    updateFGPPUsersInSQL(mventry, sqlFGPPUser);
                }
                break;
        }
    }

    void updateFGPPUsersInSQL(MVEntry mventry, ConnectedMA sqlFGPPUser)
    {
        CSEntry csentry;
        ReferenceValue dn;

        csentry = sqlFGPPUser.Connectors.ByIndex[0];
        dn = sqlFGPPUser.EscapeDNComponent(mventry["ADdistinguishedName"].Value);

        // Rename only when the AD distinguishedName differs from the connector DN
        if (mventry["ADdistinguishedName"].Value.ToLower() != csentry.DN.ToString().ToLower())
        {
            try
            {
                csentry.DN = dn;
            }
            catch (Exception Ex)
            {
                throw new Exception("Exception Message: Exception encountered while renaming the MemberDN " + Ex.Message.ToString());
            }
        }
    }

However, when I rename the AD user, import, and then run the sync run profile, I get the following error:
System.Exception: Exception Message: Exception encountered while renaming the MemberDN attribute MemberDN is read-only
at Mms_Metaverse.MVExtensionObject.updateFGPPUsersInSQL(MVEntry& mventry, ConnectedMA& sqlFGPPUser) in D:\FIM C# Code\FGPP100\FGPP100\MVExtension\MVExtension.cs:line 526
at Mms_Metaverse.MVExtensionObject.Microsoft.MetadirectoryServices.IMVSynchronization.Provision(MVEntry mventry) in D:\FIM C# Code\FGPP100\FGPP100\MVExtension\MVExtension.cs:line 566
What am I doing wrong? :(
- Edited by gtrivedi1980 Thursday, June 18, 2015 5:32 PM correction