none
MIM Criteria Group bug? RRS feed

  • Question

  • Hi,

    I have a simple criteria based Distribution Group in the MIM 2016 Portal; based on the criteria MIM Portal shows 10 members.

    All 10 members (user/person objects) are in MIM Portal and MIM Metaverse.

    When I look at the same Group membership in the MIM Metaverse, it only shows 9 members. So 1 user is missing.

    I have done countless Full Imports and Full Syncs on the MIM MA, but I am still missing 1 user from the Group in the Metaverse.

    Why do 9 of the users reflect correctly in the MV Group membership, and 1 remains absent, even though all 10 users are members in the same MIM Portal Group?

    Sounds like a bug?

    Thanks.

    PS. I have a few other MIM Portal Groups behaving the same way.

    Build: MIM 2016 4.3.2266.0


    • Edited by Shim Kwan Tuesday, February 21, 2017 10:04 PM
    Tuesday, February 21, 2017 9:47 PM

All replies

  • In another example, MIM Portal has 24 members, and the same Group in Metaverse shows 374 members!

    I have rebuilt the criteria, which fixed the problem temporarily.

    However, after creating a new user to match the Group criteria, once again find myself with a missing Group member.

    We dont have Deferred Group evaluation enabled - so why is the Group Membership not being updated in the MV?

    PS. yes, have run Full Import and Full Sync many times ;)


    • Edited by Shim Kwan Wednesday, February 22, 2017 3:12 AM
    Wednesday, February 22, 2017 3:06 AM
  • Hi,

    regarding your first post, can you check if the MV object has really a connector to MIM Portal, I guess because of Auto-Provisioning to Portal it will have) an if this is the object you added to the group compared by GUID ?

    Such things should only happen if MIM cannot handle the referential integrity correctly because of missing objects in CS or MV

    Regarding the 2nd post, did you get any errors on the MIM Portal Group having static member on a dynamic group ? The rebuild criteria could have cleared that up so you will not see that currently.

    Do you have import and export flows of member to MIM Portal ?

    /Peter


    Peter Stapf - ExpertCircle GmbH - My blog: JustIDM.wordpress.com

    Wednesday, February 22, 2017 7:56 AM
  • Hi,

    Yes, the Group has a Connector to MIM Service MA and AD MA.

    MIM Service MA join method is Projection-Rule. So yes, all Groups in MIM Portal are projected to MIM MV.

    GUID double checked and there is a match (same group, same GUID in Portal and MV).

    Clicking "View Members" in Portal shows all 20 users. Same Group in MV shows only 19 users.

    And yes, the CS for the MIM service MA is also only showing 19 users.

    The MIM Service MA, Group object has an Importing flow rule only - there is no Export, as its not required.

    Regarding the 2nd post question: I created a new user in the MIM Portal with the correct criteria to match the Group - for testing purposes. I did not create a static member. Its a criteria only Group.




    • Edited by Shim Kwan Thursday, February 23, 2017 6:55 AM
    Thursday, February 23, 2017 3:41 AM
  • Hi,

    i think I was not that clear in my mail.

    What I mean was to check if the user objects who are member ob that group are connected to both MAs.

    Espacially the ones that are missing in the group membership.

    /Peter


    Peter Stapf - ExpertCircle GmbH - My blog: JustIDM.wordpress.com

    Thursday, February 23, 2017 8:03 AM
  • Have you checked your import flow settings for the member attribute on group objects in MV?

    Go to MV designer, select group, then member attribute, and then "Comnfigure Attribute Flow". If your MIM MA is not the top one, or you have selected equal precedence with more than one source, that could explain why the MV does not show the same value as the portal.


    FIM architect - Crayon AS - www.crayon.com

    Thursday, February 23, 2017 12:36 PM
  • Peter,

    Yes, the user is in the MV.

    The user also is in the MIM Service MA Connector Space and the AD MA Connector Space (as MIM provisioned the user in AD).

    MIM is somehow excluding 1 entry in the multi-valued attribute "member" (on the Group object).

    This is starting to sound like a MIM bug.

    Thursday, February 23, 2017 8:06 PM
  • Elling,

    There is only 1 import flow, from MIM Portal to MIM MV of the Group object Member attribute.

    Thursday, February 23, 2017 8:14 PM
  • Hi,

    that sound really wired to me, never heared about such a bug.

    But if everything is correct and you also compared the missing user by GUID (that it is the right one) you should open a support case for that.

    Since there is a connector on that object at least from Portal to MV the group membership should reflect.

    /Peter


    Peter Stapf - ExpertCircle GmbH - My blog: JustIDM.wordpress.com

    Friday, February 24, 2017 7:30 AM