Answered How do I sync AD with a CSV file?

  • Monday, March 04, 2013 4:26 PM
     
     

    Apologies for the length of the post.

    I'm new to FIM 2010 and I have a need to sync AD (Contoso) with a CSV file (the CSV is a csvde export from an external domain). I don't need to export any data from Contoso, simply load an initial config from the CSV and perform delta imports thereafter.

    So far, I've done the following:

    1. Installed and configured FIM 2010
    2. Created 3 management agents:

    -Contoso MA: selecting user, with a declared projection rule for user and an export attribute flow from datasource to metaverse. Selected attributes include displayName, employeeid, givenName, sn, SAMAccount and mail (anchor set as employeeid)

    -FIM MA: mostly set to defaults with the fim server details

    -CSV MA: selecting my CSV file with join and a declared projection rule. Selected attributes are displayName, objectSid, givenName, sn, SAMAccount and mail (anchor set as employeeid)

    I'm planning on using objectSid from the CSV to anchor onto employee ID in the metaverse (employeeID will be used to anchor metaverse person to Contoso user).

    I've created an inbound synchronization within the FIM web GUI to match person with person on the 'CSV MA' (relationship is employeeID=objectSid).

    I've created an outbound synchronization rule 'Export AD' which matches metaverse person to user with my 'Contoso MA' (relationship is employeeid=employeeid). I've added the outbound attribute flow and added constants for password, UAC and DN, as well as checked 'create resource in external system'.

    I've run my profiles (I can see the correct number of additions and changes listed), then searched in the Metaverse window, but all I get is the names of my MAs pop up. The users from my CSV file do not appear in Contoso.

    I'm using the following links to get this working and am not sure where I've got it wrong:

    http://technet.microsoft.com/en-us/library/ff686936(v=ws.10).aspx

    http://www.wapshere.com/missmiis/fim-walkthroughs-import-data-from-hr-to-the-fim-portal

    I only want to sync CSV to FIM and FIM to AD.

    If I'm using a new CSV file each time I try to do a sync, do I just need a single import and synchronization for my CSV MA? Because I want to sync AD with the metaverse, do I need import, sync and export run profiles? I'm guessing it should work as follows:

    CSV MA ---> Full import and sync rule --> puts information into connector data space (CDS)? FIM MA full import imports CSV person info from CDS
    FIM MA export run profile ---> Exports information to AD

    I'm not sure which run profiles I need on my Contoso MA.

    Also, do I need the join and projection rules enabled? I haven't configured management policy rules - are these needed?

    Thanks for the help....

All Replies

  • Monday, March 04, 2013 4:49 PM
     
     

    When you do the AD export, do you see the object and attribute in AD ?

    Regards,
    Anirban(India).

  • Monday, March 04, 2013 9:31 PM
    Owner
     
     Answered

    Are you using FIM 2010 or FIM 2010R2?
    The version of FIM you are using has an impact on the options you have to manage outbound data.

    My suggestion for you would be to start with:

    1. Introduction to Inbound Synchronization
    2. Introduction to Filter Based Outbound Synchronization (if you are using FIM 2010 R2)
    3. Introduction to Synchronization Policy Based Outbound Synchronization

    These guides will give you a basic overview of how the synchronization process works and as such, they are paving the way to more complex scenarios.
    The next topic would then be Introduction to Publishing To Active Directory Domain Service from Two Authoritative Data Sources.
    This scenario might be even pretty close to what it is you need to accomplish.

    The “How Do I Guides” are probably not the right articles for you yet because they assume that you are familiar with the concepts that are covered in the articles above.

    Cheers,
    Markus

     


    Markus Vilcinskas, Knowledge Engineer, Microsoft Corporation

  • Tuesday, March 05, 2013 1:59 PM
     
     

    Thanks Markus,

    It's FIM 2010 R2, I'll read over the links you've provided - but I may ask you one or two more questions :-)

  • Tuesday, March 05, 2013 4:16 PM
    Owner
     
     

    That's fine - you can even ask three more questions :-)

    Cheers,
    Markus


    Markus Vilcinskas, Knowledge Engineer, Microsoft Corporation

  • Tuesday, March 05, 2013 6:06 PM
     
     

    Good man!

    I've followed the inbound synchronization guide, but have a couple of questions.

    I've got a CSV file with displayName, objectSid, givenName, sn, SAMAccount and mail.

    I have 2 MAs (FileMA and FIMMA). I've run through the configuration guide and selected my CSV file for the FileMA. For the FIMMA I've changed the object mappings to match the fields I want.

    I've then created an inbound sync rule for FileMA.

    Run Profiles - I've run the FileMA delta and full sync, seen the updates in the Synchronization Service Manager. I've then run the full import and full sync on the FIMMA, then done an export on my FIMMA.

    If I then search within the FIM SharePoint portal, I can see my loaded users with all of their attributes, apart from 'Account Name'. I've tried playing about with the loginName & Account Name mappings in the FIMMA agent, as well as the synchronization rule, but I just can't get the loginName to show as 'Account Name' within the FIM portal.

    Also, I've updated my CSV file by changing a user's email address, run a delta import and a full sync on FileMA. The synchronization service shows the correct number of rows have been updated. I've then run an export on the FIMMA, but this shows 0 rows updated.

    The issue I have is that within the portal I never see my user's 'Account Name' or updated email address; however, if I use metaverse search within the synchronization service I can see the correct object results (i.e. loginName based on SAMAccountName and updated email address). I need to ensure that the login name is imported into FIM before I export it.

    Please advise, thanks in advance (pics of FIMMA object mapping, sync rules and portal view shown)


  • Tuesday, March 05, 2013 7:02 PM
    Owner
     
     

    I’m not around my environment right now – so, this is just from the top of my head.

    The issue you are facing sounds to me like a precedence issue.
    About attribute flow precedence covers this topic in greater detail.

    There is a great preview feature in the synchronization manager.
    It allows you to “debug / take a closer look at” how an object is processed.
    This is typically the best method to understand synchronization related issues.
    This article has more details on how to use the preview: Troubleshooting Generic FIM Synchronization Errors.

    In your case, I would expect the preview to show information that is related to attribute flow precedence.

    Cheers,
    Markus


    Markus Vilcinskas, Knowledge Engineer, Microsoft Corporation

  • Thursday, March 07, 2013 10:17 AM
     
     

    Cheers, I'll give the links a good read.

    When I search for a user using the metaverse search within the Synchronization Service Manager I can see a full set of attributes for a person; however, when I look at a user within the FIM portal, I only see a subset of these attributes. Why is this? Does the portal have its own connector space?

    Thanks

  • Wednesday, March 13, 2013 9:23 AM
    Owner
     
     Answered

    This is probably related to your attribute flow precedence configuration.

    Cheers,
    Markus

     

    Markus Vilcinskas, Knowledge Engineer, Microsoft Corporation