none
Some fundamental FIM questions around Sync Rules RRS feed

  • Question

  • Hi,

    The current behaviour of my FIM environment has got me questioning how I thought FIM works - so I need to revisit the basics:

    I have a text book setup configured: Set, Workflow, Sync Rule and MPR

    When users enter a Set, they get correctly provisioned to a connected directory (ADLDS)...and when they leave a set they get removed from the connected directory (ADLDS)....so the basics are working fine.

    One of the flows in my Sync Rule above is this: IIF(booleanAttribute, attribute1, CustomExpression(attribute1+"$"))

    To understand things better, I went ahead and changed the flow to be the following: IIF(booleanAttribute, CustomExpression(attribute1+"yes"), CustomExpression(attribute1+"no"))

    Did a Full Import and Full Sync on the FIM MA, saw the new updated rule being imported - but when I did a Full Sync and export on ADLDS - nothing changed. Why did nothing happen? Is it because no new data entered the Set? I then selected the 'Run on Policy Update' setting, reran the Run Profiles, and still nothing happened. Should I have seen changes happening in ADLDS?

    Since the above failed, it got me thinking...what if my booleanAttribute, which gets imported from another connected directory (SQL) changes and is updated in the MV...will my Sync Rule also fail?

    Should I create extra Sets (workflows, sync rules, MPRs) to just monitor changes to the booleanAttribute?

    Please could someone clarify this fundamental logic that I am missing.

    Thanks you,

    SK

    PS. FIM Sync and Portal are both running Update 2.

    Sunday, July 15, 2012 12:57 AM

Answers

  • SK

    In the past whenever I find myself questioning the basics, often it has ended up being that something is just plain broken, and it wasn't something to do with my understanding being wrong at all.  Moreover, it is being prepared that sometimes FIM is like a whiteboard ... after a while it's best if you wipe some things out and start again.  In this case, I would treat your EAF with the same suspicion, by deleting it and recreating it.  The reason I suggest this is that I have run into a problem like this with sync rules on several occasions, and this has always worked.  Every time I hit this issue in the past it has been fixed in this way ... and after I've done it it feels like "if a tree falls in the woods, does anybody hear?" (i.e. will anyone believe me that there was a problem having now fixed it).  Recently I ran into a similar scenario and took the same approach ... and was glad I did.

    There's no guarantee that this is your problem too, but I have a strong hunch ...

    By the way, I also tend to use "Concatenate(attribute1,"$")" instead of using "+", so you could try that first I guess ... but my bet is you'll find the delete/recreate (of just the EAF) does the trick (preferably delete the EAF, save the sync rule, then go and add it back in).


    Bob Bradley (FIMBob @ http://thefimteam.com) ... now using Event Broker 3.0 @ http://www.fimeventbroker.com for just-in-time delivery of FIM 2010 policy via the sync engine


    • Edited by UNIFYBobMVP Sunday, July 15, 2012 3:53 PM missing link to similar scenario
    • Marked as answer by D Wind Monday, July 16, 2012 5:05 AM
    Sunday, July 15, 2012 3:51 PM

All replies

  • SK

    In the past whenever I find myself questioning the basics, often it has ended up being that something is just plain broken, and it wasn't something to do with my understanding being wrong at all.  Moreover, it is being prepared that sometimes FIM is like a whiteboard ... after a while it's best if you wipe some things out and start again.  In this case, I would treat your EAF with the same suspicion, by deleting it and recreating it.  The reason I suggest this is that I have run into a problem like this with sync rules on several occasions, and this has always worked.  Every time I hit this issue in the past it has been fixed in this way ... and after I've done it it feels like "if a tree falls in the woods, does anybody hear?" (i.e. will anyone believe me that there was a problem having now fixed it).  Recently I ran into a similar scenario and took the same approach ... and was glad I did.

    There's no guarantee that this is your problem too, but I have a strong hunch ...

    By the way, I also tend to use "Concatenate(attribute1,"$")" instead of using "+", so you could try that first I guess ... but my bet is you'll find the delete/recreate (of just the EAF) does the trick (preferably delete the EAF, save the sync rule, then go and add it back in).


    Bob Bradley (FIMBob @ http://thefimteam.com) ... now using Event Broker 3.0 @ http://www.fimeventbroker.com for just-in-time delivery of FIM 2010 policy via the sync engine


    • Edited by UNIFYBobMVP Sunday, July 15, 2012 3:53 PM missing link to similar scenario
    • Marked as answer by D Wind Monday, July 16, 2012 5:05 AM
    Sunday, July 15, 2012 3:51 PM
  • Hey Bob,

    So I followed your advise...removed the EAF, ran a few Syncs...added the EAF and voila, things are now working.

    Thank you !

    Monday, July 16, 2012 5:05 AM
  • No probs - I think that means this remedy keeps its perfect record intact ... now to find someone who has this exact scenario in FIM R2 so that we can raise this issue in Connect.  Anyone?

    Bob Bradley (FIMBob @ TheFIMTeam.com) ... now using Event Broker 3.0 for just-in-time delivery of FIM 2010 policy via the sync engine, and continuous compliance for FIM

    Monday, July 16, 2012 5:41 AM
  • Bob - Have you only seen this on declarative sync rules, or has it appeared on classic flow rules also?

    Frank C. Drewes III - Architect - Oxford Computer Group

    Monday, July 16, 2012 12:49 PM
  • Only declarative rules Frank :|

    Bob Bradley (FIMBob @ TheFIMTeam.com) ... now using Event Broker 3.0 for just-in-time delivery of FIM 2010 policy via the sync engine, and continuous compliance for FIM

    Monday, July 16, 2012 1:29 PM