none
Problem exporting to PowerShell MA - The DN must be set before calling CSEntry.CommitNewConnector.

    Question

  • Hello,

    I'm currently in the process of implementing FIM for the first time and am struggling with something which I feel should be fairly simple. I'm trying to export data to a text file and am using Søren Granfeldt's PowerShell MA to do so. I'm exporting three attributes - the accountname (which is the anchor), an accountid (an integer), and the email address. I've setup the MA and run profiles, and have created an Outbound-only synchronisation rule which uses the Outbound System Scoping Filter to filter by a string, which is set to 'Valid.'

    When I perform a full sync on the FIM Service MA, in order to get the sync engine to work out which objects need to be exported, all of the objects that should be exported report a sync-rule-flow-provisioning-failed error. A stack trace on this presents me with: Microsoft.MetadirectoryServices.ProvisioningBySyncRuleException: The DN must be set before calling CSEntry.CommitNewConnector.

    I'm stuck. Does any have any specific advice on these errors, or just general advice on how to do what I want to do?

    Thanks,
    Sean.

    Tuesday, April 08, 2014 3:15 PM

Answers

  • What do your outbound attribute flows look like, are you doing an initial flow to DN? 
    • Marked as answer by Sean E Gray Wednesday, July 09, 2014 8:33 AM
    Wednesday, April 09, 2014 12:43 AM

All replies

  • This error can occur if you haven't first imported the OU structure on the target connector space.  For example, if you are reading a CSV file and provisioning to AD, you need to first do an import on the AD connector space so that it is aware of the complete OU (DN) structure of a user.


    Mike Crowley | MVP
    My Blog -- Planet Technologies

    Tuesday, April 08, 2014 9:08 PM
  • What do your outbound attribute flows look like, are you doing an initial flow to DN? 
    • Marked as answer by Sean E Gray Wednesday, July 09, 2014 8:33 AM
    Wednesday, April 09, 2014 12:43 AM
  • I'm not provisioning to AD; I'm trying to export to a text file through a PowerShell connector. There's nothing to import yet, and there's no attribute called DN.

    My outbound attribute flows are:

    accountName => Username (Initial Flow Only, Anchor)
    PrintAccountID => AccountID
    mailNickname => LocalPart

    Sean.

    Wednesday, April 09, 2014 8:18 AM
  • Problem solved. There appears to be an option to flow an attribute to 'dn' in the sync rule, even though the CDS doesn't have this attribute - I assume this is part of the MA as standard but could swear that I didn't see it before.

    Sorry for the stupid question.

    Sean.

    Wednesday, April 09, 2014 10:48 AM
  • The dn is pretty standard - and I've seen it before :-) Hopefully the MA is working out for you?

    Regards, Soren Granfeldt
    blog is at http://blog.goverco.com | facebook https://www.facebook.com/TheIdentityManagementExplorer | twitter at https://twitter.com/#!/MrGranfeldt

    Wednesday, May 07, 2014 9:54 AM
  • I'm struggling with same issue here.. what exactly did you configure for your outbound synchronization rule in the portal? What are you flowing to PSMAs 'dn' -attribute?

    Friday, June 27, 2014 10:27 AM
  • I'm struggling with same issue here.. what exactly did you configure for your outbound synchronization rule in the portal? What are you flowing to PSMAs 'dn' -attribute?

    Please refer here: How Do I Provision Users to AD DS

    Initial outbound attribute flows

    Allow nulls

    Destination

    Source

    false

    dn

    +("CN=",displayName,",OU=FIMObjects,DC=fabrikam,DC=com")

    false

    userAccountControl

    Constant: 512

    false

    unicodePwd

    Constant: P@$$W0rd

     

    Persistent outbound attribute flows

    Allow nulls

    Destination

    Source

    false

    sAMAccountName

    accountName

    false

    displayName

    displayName

    false

    givenName

    firstName

    false

    sn

    lastName


    If you found my post helpful, please give it a Helpful vote. If it answered your question, remember to mark it as an Answer.

    • Proposed as answer by FIMService Friday, June 27, 2014 10:44 AM
    • Unproposed as answer by Sean E Gray Wednesday, July 09, 2014 8:33 AM
    Friday, June 27, 2014 10:43 AM
  • I'm not talking about AD here, it works just fine...We're talking about Powershell Management Agent outbound flow.

    I'm hitting an error that object doesn't have a parent object in management agent 'PSMA'

    I'm trying to provision stuff from HR to AD and to PSMA using portal sync rules.

    Friday, June 27, 2014 10:52 AM
  • You have to import structure using PowerShell MA to have parent objects in it.

    If you found my post helpful, please give it a Helpful vote. If it answered your question, remember to mark it as an Answer.

    Friday, June 27, 2014 10:55 AM
  • Yeah, my import says objects-not-found because there aren't any objects to be imported.. any example import scripts that do the stuff I need?

    Friday, June 27, 2014 1:03 PM