none
Best way to synchronise already filled portal with other referencials RRS feed

  • Question

  • hello everyone

    i have a fim architecture with flows going from an sql table to an active directory, my design was to only update data in active directory and not create anything new,

    for some reason i've been having lots of failed-on-modification errors so i decided to clean all the connector spaces and import everything all over again,

    i was wondering what was the best way to remake my joins,and if the "enable sychronisation rule provisionning" had to be enable or not since i'm only joining data

    thanks for your help


    Hitch Bardawil

    Monday, October 22, 2012 7:58 PM

Answers

  • You should have either join rules for the AD MA itself or if you have inbound sync rule for users for AD, the relationship criteria acts as a join attribute. When you sync on the AD MA, it should join to the existing MV objects. I am assuming you have sAMAccountName in the AD MA and that the AccountName attribute in the MV is populated at this point by any of the other MAs that have already projected or joined.

    • Marked as answer by HitchB52 Thursday, February 7, 2013 12:13 PM
    Friday, October 26, 2012 4:41 AM

All replies

  • Hi,

    If you've got a unique attribute to join on in all your connected systems it should be fairly easy to clear out the CS and reimport Everything.

    If you want to use declarative provisioning you'll configure a couple of inbound sync rules and set the relationship/join for each rule to the attribute that you want to join on, import/sync the rules from FIM Service to FIM Sync and then import/sync the data from your connected systems.

    I don't think you need to check "Enable synchronization rule provisioning" in order to join your data.


    --- Jesper Lönnqvist, Identity Architect http://addition-it.se

    Tuesday, October 23, 2012 2:37 PM
  • Hitch,

    To follow up on what Jesper stated, you need to run import sync on FIM MA first. This is VERY important, for two reason:

    -the sync rules for the other MAs, they won't mean anything until they are in the MV

    -the FIM MA will actually be projecting your data. We have to have it do this as the FIM MA can only join on CSObjectID and MVObjectID, which, if you delete the connector space for all MAs, are lost.

    The checkbox should be cleared for the joining so as not to cause objectAlreadyExists exceptions when attempting to provision DNs other connected data source, such as AD.

    Wednesday, October 24, 2012 1:51 AM
  • thanks for your help guyz,

    so i did just that:

    • imported and synched from the FIM MA
    • imported from the destination AD
    • imported and synched from the source SQL DB

    so the joins did happens but since i did not sync my destination AD, my FIM MA did not project any changes to my destination. 

    so i figured i had to sync my destination too... 

     i suppose that even if i am only exporting to active directory, since there are objects already there i have to synchronise it too ? 

    thanks again


    Hitch Bardawil

    Wednesday, October 24, 2012 9:38 AM
  • Yes you should, if you don't FIM will try to flow the objects again an you get errors
    Wednesday, October 24, 2012 2:36 PM
  • You should have either join rules for the AD MA itself or if you have inbound sync rule for users for AD, the relationship criteria acts as a join attribute. When you sync on the AD MA, it should join to the existing MV objects. I am assuming you have sAMAccountName in the AD MA and that the AccountName attribute in the MV is populated at this point by any of the other MAs that have already projected or joined.

    • Marked as answer by HitchB52 Thursday, February 7, 2013 12:13 PM
    Friday, October 26, 2012 4:41 AM
  • Great guys thank you !

    Hitch Bardawil

    Friday, October 26, 2012 8:46 AM