none
Problems with users not receiving Expected Rules List. RRS feed

  • General discussion

  • So a couple of months ago we switched to FIM 2010 R2 from Novell's IDM solution so I'm still getting the hang of things. We have roughly 130,000 users and over a million records in my FIM MA. I only mention the size of things since I'm unsure if it could be the source of our issue and because it does influence how long it takes me to run Full Imports and Full Syncs on it.

    The problem I am seeing is that I have new records being created with all correct attributes in my source table. I run a Full Import/Delta Sync on it to read in new records and changes. Export to my FIM MA and it creates new users and they show in the correct set but do not always receive the Expected Rules List. This is a problem since they don't receive the MPRs to create their AD account. If I delete the user in FIM and re-import from my Source MA it typically receives everything and creates the AD account.

    I've examined the users in the FIM Portal before deleting and cannot see why they aren't receiving the correct ERLs. Any ideas on how I can troubleshoot?

    Friday, September 28, 2012 6:33 PM

All replies

  • If you look at the request to create the user in the portal, is the request successful? Does the Applied Policy tab show all of the requisite MPRs?


    My Book - Active Directory, 4th Edition
    My Blog - www.briandesmond.com

    Friday, September 28, 2012 9:02 PM
    Moderator
  • Hi,

    There is two reasons.

    1:- Please define the run profiles sequence. It matter in which sequence you run the MA's

    2:- Check the attributes precedence.

    Regards,


    M. Irfan

    Friday, September 28, 2012 9:15 PM
  • Hi,

    There is two reasons.

    1:- Please define the run profiles sequence. It matter in which sequence you run the MA's

    2:- Check the attributes precedence.

    Regards,


    M. Irfan


    I'm not sure how you can definitively state that there is only two possible reasons this could happen...

    My Book - Active Directory, 4th Edition
    My Blog - www.briandesmond.com

    Friday, September 28, 2012 9:16 PM
    Moderator
  • There are no request pending and I cannot find ANY completed request. Do I need to enable something to log completed request? I can quarentee you there are completed request since I have created/modified and deleted thousands of accounts already. When I look at the Provisioning tab on a problemed user, there are zero MPRs listed when there should be three. So no "Not Applied" or "Pending", they are just not there.

    If I delete the user from the FIM Portal and do a delta import/delta sync on the FIM MA then perform a Full Import/Delta Sync on my SQL MA I can then export to the FIM MA most of the time and the user will be created and have the MPRs listed in pending status. I can then Delta Import/Delta Sync on the FIM MA and export to AD and it will create.

    So again, most of the time it works but I am seeing this problem frequently enough that it's an issue that I am having to delete from the FIM MA and re-run my usual process.


    • Edited by willwallguy Tuesday, October 2, 2012 1:58 PM
    Tuesday, October 2, 2012 1:57 PM