System.NullReferenceException: Object reference not set to an instance of an object.

  • Question

  • Hi all

    I'm having some issues with the codeless provisioning framework from Granfeldt. Long story short, I'm simply synchronising AD accounts from one AD forest to another. And I would like to achieve this without the use of FIM Service and Portal. So I have tried to achieve this with the sample script and dll from Granfeldt.

    But I'm a bit new at this and am getting this error on full import and full sync from the Source AD.

    System.NullReferenceException: Object reference not set to an instance of an object.
       at Granfeldt.MVEngine.Provision(MVEntry mventry)

    This is the content of the FIM.MRE.xml:

    <?xml version="1.0" encoding="utf-8"?>
    <RulesFile xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema">
      <DisableAllRules>false</DisableAllRules>
      <Rules>
        <Rule>
          <Name>provision person to ad13180lyn</Name>
          <Description></Description>
          <TargetManagementAgentName xsi:type="xsd:string">ad13180lync</TargetManagementAgentName>
          <Enabled>true</Enabled>
          <SourceObject>person</SourceObject>
          <TargetObject>user</TargetObject>
          <Action>provision</Action>
          <InitialFlows>
            <AttributeFlowBase xsi:type="AttributeFlowConstant">
              <Constant>CN=#mv:displayName#,OU=ImportedAccounts,OU=Users,OU=ad13180lyn,DC=ad13180lyn,DC=ddc,DC=intra</Constant>
              <Target>[DN]</Target>
            </AttributeFlowBase>
            <AttributeFlowBase xsi:type="AttributeFlowConstant">
              <Constant>Passw0rd</Constant>
              <Target>unicodePwd</Target>
            </AttributeFlowBase>
            <AttributeFlowBase xsi:type="AttributeFlowConstant">
              <Constant>514</Constant>
              <Target>userAccountControl</Target>
            </AttributeFlowBase>
            <AttributeFlowBase xsi:type="AttributeFlowAttribute">
              <Source>accountName</Source>
              <Target>sAMAccountName</Target>
            </AttributeFlowBase>
          </InitialFlows>
        </Rule>
      </Rules>
    </RulesFile>

    Does anybody see any issues with this xml file?

    I really would like to make this as simple as possible: just import the accounts and provision them into the ImportedAccounts OU, in a disabled state.


    Andre


    • Edited by froand Tuesday, June 16, 2015 9:38 PM
    Tuesday, June 16, 2015 9:35 PM

All replies

  • I am not familiar with "granfeld", but I see 2 issues.

    1. DN has illegal characters "#"

    2. You need to set the attribute userPrincipalName in AD

    Try fixing these two and try. If you don't have luck, you may need to show us more details of your configuration.


    Nosh Mernacaj, Identity Management Specialist

    Wednesday, June 17, 2015 1:28 PM
  • OK, thanks for the answer.

    The reference to Granfeldt is to this website:
    https://fimmre.codeplex.com/wikipage?title=The%20kit&referringTitle=Documentation

    I have removed the # and added userPrincipalName, but I don't know if it's in the right format..

    <?xml version="1.0" encoding="utf-8"?>
    <RulesFile xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema">
      <DisableAllRules>false</DisableAllRules>
      <Rules>
        <Rule>
          <Name>provision person to ad13180lyn</Name>
          <Description></Description>
          <TargetManagementAgentName xsi:type="xsd:string">ad13180lync</TargetManagementAgentName>
          <Enabled>true</Enabled>
          <SourceObject>person</SourceObject>
          <TargetObject>user</TargetObject>
          <Action>provision</Action>
          <InitialFlows>
            <AttributeFlowBase xsi:type="AttributeFlowConstant">
              <Constant>mv:accountName+"@ad13180lync.ddc.intra"</Constant>
              <Target>userPrincipalName</Target>
            </AttributeFlowBase>
            <AttributeFlowBase xsi:type="AttributeFlowConstant">
              <Constant>CN=mv:displayName,OU=ImportedAccounts,OU=Users,OU=ad13180lyn,DC=ad13180lyn,DC=ddc,DC=intra</Constant>
              <Target>[DN]</Target>
            </AttributeFlowBase>
            <AttributeFlowBase xsi:type="AttributeFlowConstant">
              <Constant>Passw0rd</Constant>
              <Target>unicodePwd</Target>
            </AttributeFlowBase>
            <AttributeFlowBase xsi:type="AttributeFlowConstant">
              <Constant>514</Constant>
              <Target>userAccountControl</Target>
            </AttributeFlowBase>
            <AttributeFlowBase xsi:type="AttributeFlowAttribute">
              <Source>accountName</Source>
              <Target>sAMAccountName</Target>
            </AttributeFlowBase>
          </InitialFlows>
        </Rule>
      </Rules>
    </RulesFile>

    I got the same error after the change

    How can I show you more of the config? I have created two MAs, one for the Source and one for the destination AD forest, with the AD MA agent template.

    I selected the attributes I needed and flow them Direct import from the Source AD MA and the same attributes were selected as export in the destination AD MA. I also selected person Project in the Source AD MA.

    best regards Andre 


    Andre



    • Edited by froand Wednesday, June 17, 2015 9:44 PM
    Wednesday, June 17, 2015 9:33 PM
  • You still have bad formats.

    1. DN needs to be like this "cn=nosh mernacaj,ou=.......

    2. UserPrincipalName needs to be "nmernacaj@ad......."

    Basically you have variables where real data values should be.

    Nosh Mernacaj, Identity Management Specialist

    Wednesday, June 17, 2015 9:37 PM
  • I think the point is to have variables: #mv:displayName#.

    If you read the documentation from the website, you will understand.


    Andre


    • Edited by froand Thursday, June 18, 2015 12:08 PM
    Thursday, June 18, 2015 12:08 PM
  • The website URL got stripped out by the MS moderator, but while you may be right on it, the format is different from, say, accountName. Also, can you see on metaverse what value is being passed exactly?

    Nosh Mernacaj, Identity Management Specialist

    Thursday, June 18, 2015 12:16 PM
  • ok, here it is again:
    https://fimmre.codeplex.com/wikipage?title=The%20kit&referringTitle=Documentation

    This is the value from the Source AD MA projected into MV:

    CN=surname\, Firstname,OU=Users,DC=hl,DC=ad


    Andre

    Thursday, June 18, 2015 12:27 PM
  • Projected value will always be correct. I need to see what FIM is exporting to target where the failure occurs.

    Nosh Mernacaj, Identity Management Specialist

    Thursday, June 18, 2015 12:31 PM
  • There hasn't been anything exported yet because of the extension-dll-exception error I posted:

    System.NullReferenceException: Object reference not set to an instance of an object.
       at Granfeldt.MVEngine.Provision(MVEntry mventry)


    Andre


    • Edited by froand Thursday, June 18, 2015 12:38 PM
    Thursday, June 18, 2015 12:34 PM
  • I know, but you can see from a preview in Metaverse. Go to the FIM sync client or metaverse. Find an object that fails in metaverse search. Do a full sync preview. Check the connector of the target and you will see what values are being passed and also the errors, if any. If you are not sure how to do this, please let me know or google how to run preview in FIM metaverse.

    Nosh Mernacaj, Identity Management Specialist

    Thursday, June 18, 2015 12:39 PM
  • ok :)

    I got same error here and no data..


    Andre

    Thursday, June 18, 2015 12:43 PM
  • Now if you click on "Stack Trace" you will get the details of the error.

    Please send that


    Nosh Mernacaj, Identity Management Specialist

    Thursday, June 18, 2015 1:07 PM

  • Andre

    Thursday, June 18, 2015 1:09 PM
  • 1. To set the records straight, after reviewing the website (codeplex), this is not codeless provisioning. This is classical rules (CODE). Codeless provisioning refers to Microsoft's methodology done in FIM Portal.

    2. In order for this to work, you need these steps

    -Full Import and Full Sync on The target MA

    -I still believe this is not correct. CN=mv:displayName,OU=ImportedAccounts,OU=Users,OU=ad13180lyn,DC=ad13180lyn

    3. If you click close on the window shown, there is something behind I cannot see that can offer more clues.


    Nosh Mernacaj, Identity Management Specialist

    Thursday, June 18, 2015 1:16 PM
  • I think your xml may be fine, according to the documentation from codeplex.

    The accountName may be empty in MV

    On the AD MA Source, are you mapping sAMAccountName to accountName in MV as import rule?


    Nosh Mernacaj, Identity Management Specialist

    Thursday, June 18, 2015 1:46 PM
  • Good :) Yes, I am flowing mapping sAMAccountName to accountName in MV as import rule from the Source AD.

    But I have tried to remove parts of the xml file to see where it fails. And I stop getting errors when all the rules are removed. And they start showing up again after I insert this part:

          <Name>provision person to ad13180lyn</Name>
          <Description></Description>
          <TargetManagementAgentName xsi:type="xsd:string">ad13180lync</TargetManagementAgentName>
          <Enabled>true</Enabled>
          <SourceObject>person</SourceObject>
          <TargetObject>user</TargetObject>
          <Action>provision</Action>
    So it has to have something to do with this part..


    Andre

    Thursday, June 18, 2015 3:20 PM
  • I am sorry,

    1. I was referring to the last screen shot. If you remove the top window, the one on the background has some useful information.

    2. Please make sure your MA Name where you are provisioning these users is "ad13180lync".

    I see that the Name is "ad13180lyn" and TargetManagementAgentName is "ad13180lync".


    Nosh Mernacaj, Identity Management Specialist

    Thursday, June 18, 2015 3:31 PM
  • You are absolutely right, I had the wrong name on the MA name, corrected it now. But still the same error :(

    Here is the window in the back

    Here is a screenshot of destination AD M flow


    Andre

    Thursday, June 18, 2015 3:56 PM
  • Now I see name as hI.AD, is that the name? And has it been updated accordingly?

    After that, you need to run another FULL sync Preview

    Observation: You don't need (and can't have) CN mapping. That is part of the DN


    Nosh Mernacaj, Identity Management Specialist

    Thursday, June 18, 2015 4:00 PM
  • Yes, hl.ad is the Source AD MA name and domain name.

    I haven't created a provisioning xml code for hl.ad. I didn't think I needed to, since this is only going to be a one-way sync.

    I removed the CN mapping from both Source and destination AD MA flow.


    Andre

    Thursday, June 18, 2015 4:12 PM
  • FYI: I have enabled rule provisioning as well, as codeplex instructed.


    Andre

    Thursday, June 18, 2015 4:16 PM
  • 1. The process you are following is a Classical Provisioning method. Someone has created a generic DLL that allows you to provide the attributes in an XML file.

    Same rules and principles apply, however.

    The fact that this was published in codeplex does not mean it is plug-and-play and anyone can use it. There are a lot of things you need to know and be aware of. Even if you passed this stage, you will get in trouble soon without some basic understanding of FIM.

    1. You do need to enable provisioning, if you want to be able to provision users. The reason errors disappear when you disable it, is because nothing is happening. The DLL is not being executed.
    2. Error suggests, 99% that you do not have the right names or attributes in place, most likely the MA name.  Or the MA has not been properly configured. 
    3. If hI.AD is the source and ad13180lync is the target, then you import all users from hI.AD (Project to MV) and provision to ad13180lync.  If you have users in MV, the hI.AD job is done.  Now you need to write those users to ad13180lync. This is where your trouble is. 
    4. You need an MA for ad13180lync properly configured (all relevant OUs selected) and an initial FULL Import run, so that there is data in the connector space.  If you search the connectorSpace for ad13180lync, do you see anything?
    5. Next thing, you ran the FULL Sync on the hI.AD and this is where the error happens.  That means (appears) the name of the ad13180lync MA is not correct.  We need the name of MA, not AD Domain.  Please show me this MA.


    Nosh Mernacaj, Identity Management Specialist

    Thursday, June 18, 2015 5:19 PM
  • Yes, I understand. I have experience and understanding of FIM, but only together with FIM Service/Portal :)

    1. I understand, Provisioning enabled.

    2. Checked, I changed the name in the script and MA name to make it easier. The name of the MA is: DestinationAD. The name of TargetManagementAgentName is: DestinationAD

    3. Yes, the users are in the MV, so the hl.ad MA has done its job and is working.

    4. This has been done, and as there are no users in the selected OU yet, only this is in the CS.

    5. Yes, this is correct. The error appears on full sync hl.ad. As mentioned in 2, I changed it now. Same error occurs.

    FIM.MRE.xml

    <?xml version="1.0" encoding="utf-8"?>
    <RulesFile xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema">
      <DisableAllRules>false</DisableAllRules>
      <Rules>
        <Rule>
          <Name>DestinationAD</Name>
          <Description></Description>
          <TargetManagementAgentName>DestinationAD</TargetManagementAgentName>
          <Enabled>true</Enabled>
          <SourceObject>person</SourceObject>
          <TargetObject>user</TargetObject>
          <Action>provision</Action>
          <InitialFlows>
            <AttributeFlowBase xsi:type="AttributeFlowConstant">
              <EscapedCN>CN=#mv:accountName#</EscapedCN>
              <Constant>#Param:EscapedCN#,OU=ImportedAccounts,OU=Users,OU=ad13180lyn,DC=ad13180lyn,DC=ddc,DC=intra</Constant>
              <Target>[DN]</Target>
            </AttributeFlowBase>
            <AttributeFlowBase xsi:type="AttributeFlowConstant">
              <Constant>Passw0rd</Constant>
              <Target>unicodePwd</Target>
            </AttributeFlowBase>
            <AttributeFlowBase xsi:type="AttributeFlowConstant">
              <Constant>514</Constant>
              <Target>userAccountControl</Target>
            </AttributeFlowBase>
            <AttributeFlowBase xsi:type="AttributeFlowAttribute">
              <Source>accountName</Source>
              <Target>sAMAccountName</Target>
            </AttributeFlowBase>
          </InitialFlows>
        </Rule>
      </Rules>
    </RulesFile>


    Andre

    Friday, June 19, 2015 8:07 AM
  • Hi, I'm curious what this is. Could you enable logging and maybe post the log? Also, please let me know which version of the DLL you're using. I got a new one coming out very soon. Thanks, Soren

    Regards, Soren Granfeldt
    blog is at http://blog.goverco.com | facebook https://www.facebook.com/TheIdentityManagementExplorer | twitter at https://twitter.com/#!/MrGranfeldt

    Friday, June 19, 2015 2:35 PM
  • Hi Søren.

    I am using the latest available from codeplex.

    Here is a part of the log; it repeats itself for every object, so I only posted the first 3:

    InitializeWorker->Initialize->Log InitializeWorker->Initialize: Leave
    Provision->Log Provision: Enter
    Provision Start rule 'DestinationAD' (MA DestinationAD)
    Provision Object (person):  (GUID 2da55ae4-3713-e511-9402-005056ad32a3)
    Provision->ConditionsApply->Log Provision->ConditionsApply: Enter
    Provision->ConditionsApply System.NullReferenceException: Object reference not set to an instance of an object.
    Provision->ConditionsApply->Log Provision->ConditionsApply: Leave
    Provision System.NullReferenceException: Object reference not set to an instance of an object.
    Provision->Log Provision: Leave
    Provision->Log Provision: Enter
    Provision Start rule 'DestinationAD' (MA DestinationAD)
    Provision Object (person):  (GUID 2ea55ae4-3713-e511-9402-005056ad32a3)
    Provision->ConditionsApply->Log Provision->ConditionsApply: Enter
    Provision->ConditionsApply System.NullReferenceException: Object reference not set to an instance of an object.
    Provision->ConditionsApply->Log Provision->ConditionsApply: Leave
    Provision System.NullReferenceException: Object reference not set to an instance of an object.
    Provision->Log Provision: Leave
    Provision->Log Provision: Enter
    Provision Start rule 'DestinationAD' (MA DestinationAD)
    Provision Object (person): CN=Microsoft Corporation,L=Redmond,S=Washington,C=US (GUID 2fa55ae4-3713-e511-9402-005056ad32a3)
    Provision->ConditionsApply->Log Provision->ConditionsApply: Enter
    Provision->ConditionsApply System.NullReferenceException: Object reference not set to an instance of an object.
    Provision->ConditionsApply->Log Provision->ConditionsApply: Leave
    Provision System.NullReferenceException: Object reference not set to an instance of an object.
    Provision->Log Provision: Leave


    Andre

    Saturday, June 20, 2015 5:45 PM
  • Just a quick long shot.

    You may be missing the <Conditions> tag. Even if you don't have any conditions, there may be an issue with the code still trying to access the conditions. Try adding <Conditions></Conditions> to your rule.

    I cannot test this right now, but when I get the chance, I'll double check whether or not it is a requirement and remove that issue from the upcoming version.

    Thank you...


    Regards, Soren Granfeldt
    blog is at http://blog.goverco.com | facebook https://www.facebook.com/TheIdentityManagementExplorer | twitter at https://twitter.com/#!/MrGranfeldt

    • Marked as answer by froand Sunday, June 21, 2015 9:41 AM
    Saturday, June 20, 2015 6:10 PM
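
The check suggested in the answer above, as an added example that is not part of the thread or of the MRE project's code: a Python lint for a FIM.MRE.xml-style rules file that reports any rule without a <Conditions> element. It goes beyond the thread by also reporting a constant flowed into unicodePwd and a provisioning rule whose userAccountControl constant lacks the ACCOUNTDISABLE bit (0x2, which 514 sets); the function name lint_rules and the finding codes are assumptions of this example.

```python
import xml.etree.ElementTree as ET

XSI_TYPE = "{http://www.w3.org/2001/XMLSchema-instance}type"
ACCOUNTDISABLE = 0x0002  # userAccountControl bit for a disabled account

# Constructed sample modelled on the rules file posted in the thread
# (one rule, no <Conditions>, constant password, userAccountControl 514).
SAMPLE = """<?xml version="1.0" encoding="utf-8"?>
<RulesFile xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
  <Rules>
    <Rule>
      <Name>DestinationAD</Name>
      <TargetManagementAgentName>DestinationAD</TargetManagementAgentName>
      <Action>provision</Action>
      <InitialFlows>
        <AttributeFlowBase xsi:type="AttributeFlowConstant">
          <Constant>Passw0rd</Constant>
          <Target>unicodePwd</Target>
        </AttributeFlowBase>
        <AttributeFlowBase xsi:type="AttributeFlowConstant">
          <Constant>514</Constant>
          <Target>userAccountControl</Target>
        </AttributeFlowBase>
      </InitialFlows>
    </Rule>
  </Rules>
</RulesFile>"""


def lint_rules(xml_text):
    """Return a list of (rule name, finding code) for a FIM.MRE.xml document."""
    findings = []
    root = ET.fromstring(xml_text.encode("utf-8"))
    for rule in root.iter("Rule"):
        name = (rule.findtext("Name") or "<unnamed>").strip()
        # The accepted answer: the engine may dereference Conditions even
        # when the rule has none, so require the element to be present.
        if rule.find("Conditions") is None:
            findings.append((name, "missing-conditions"))
        uac = None
        for flow in rule.iter("AttributeFlowBase"):
            target = (flow.findtext("Target") or "").strip().lower()
            constant = flow.findtext("Constant")
            if flow.get(XSI_TYPE) != "AttributeFlowConstant" or constant is None:
                continue
            if target == "unicodepwd":
                # Every provisioned account would share this literal.
                findings.append((name, "constant-password"))
            elif target == "useraccountcontrol" and constant.strip().isdigit():
                uac = int(constant.strip())
        if rule.findtext("Action") == "provision" and (
                uac is None or not uac & ACCOUNTDISABLE):
            findings.append((name, "not-provisioned-disabled"))
    return findings


if __name__ == "__main__":
    for rule_name, code in lint_rules(SAMPLE):
        print(f"{rule_name}: {code}")
```

Run against the sample, it reports the missing <Conditions> element and the constant password, and stays silent on userAccountControl because 514 keeps the new accounts disabled.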
  • Yes, Søren. It seems to be the case here. It now processes the xml script :)

    But now this error appears, but that might be simple to correct. What does this error mean?


    Andre

    Sunday, June 21, 2015 6:20 AM
  • I figured out that this error was caused by the fact that I had forgotten sAMAccountName on one of the attribute flows. So a simple fix, and now everything is working like it should. Thanks for all the help, Søren and Nosh

    Andre

    Sunday, June 21, 2015 9:41 AM