none
How to Join a large Number of unjoined Users RRS feed

  • Question

  • Hello Everyone,

    i have a FIM 2010 implementation synchronising users from an SQL DB to Active Directory through the Portal

    for some reason that i can't seem to understand there around 700 users that did not join with the users already existing in Active Directory,

    so i have my sync rules that suppose that the user is a new user and try to create it as a new user in AD

    now that i'm stuck with this, i have to do the joins manually through the sync manager,

    any idea on the reasons that this could happen and more importantly is there a way to deal with those joins all at once cuz right now i only can do it one by one :s

    thanks for your help

    hitch


    Hitch Bardawil

    Friday, September 21, 2012 11:48 AM

Answers

  • I think you have a problem if you don't have data to make joins happen. This could give you a problem later on.  You need to put some thought on flowing data that allows your join-rules to succeed later - i.e. if you need to restore. But that's another discussion.

    For your problem, I'd start out by disabling provisioning and do a Full Sync to make those Pending Export Adds (if any) go away. Then I would definitely see if I could do some scripting against AD to populate an attribute that you can use for joining. As a general rule I like to "clean" data sources before importing - and if you only want joins in your environment, you should definitely flow enough data to make joins happen correctly.

    So skip the Joiner and do some scripting against your datasource (AD) if possible. And once AD is populate, the do a new Full Import and Full Sync.


    Regards, Soren Granfeldt
    blog is at http://blog.goverco.com | twitter at https://twitter.com/#!/MrGranfeldt

    • Marked as answer by HitchB52 Thursday, February 7, 2013 12:14 PM
    Monday, September 24, 2012 2:07 PM

All replies

  • Hello,

    In order to join to existing objects in destination identity store we need those object representations to exist in the metaverse so that our join rules will have objects to join to.  Look to see if your existing AD objects exist in their corresponding connector space as well as the metaverse then check your join rule to make sure logic/values are OK.

    Best,

    Jeff Ingalls

    Friday, September 21, 2012 5:20 PM
  • Also, if this is an initial sync, then make sure that you haven't enabled Sync Rule Provisioning. You need to join existing accounts before trying to provisioning the rest.

    Also, make sure that you have enough data as inbound attribute flows from datasources to the metaverse for joining to take place successfully. There is no such things as reverse joining in FIM, so the object that you're trying to join on must exist in the metaverse.


    Regards, Soren Granfeldt
    blog is at http://blog.goverco.com | twitter at https://twitter.com/#!/MrGranfeldt

    • Marked as answer by HitchB52 Thursday, February 7, 2013 12:13 PM
    • Unmarked as answer by HitchB52 Thursday, February 7, 2013 12:14 PM
    Sunday, September 23, 2012 6:00 AM
  • ah if only it was that simple :)

    not that in my architecture FIM is only supposed to join users between my source and destination and never create

    so it is not an initial sync, a few thousand users have already been joined and i just have those 1000 users that did not join because at the time the users were not yet created in active directory so FIM tried to create them instead of joining.

    now that they have been created and imported into the metaverse i find myself having to go to the joiner tab in the MIIS interface and join them manually and of course in that interface we have to do it one by one,

    the question is how to that for many users at once

    thanks !


    Hitch Bardawil

    Monday, September 24, 2012 1:59 PM
  • I think you have a problem if you don't have data to make joins happen. This could give you a problem later on.  You need to put some thought on flowing data that allows your join-rules to succeed later - i.e. if you need to restore. But that's another discussion.

    For your problem, I'd start out by disabling provisioning and do a Full Sync to make those Pending Export Adds (if any) go away. Then I would definitely see if I could do some scripting against AD to populate an attribute that you can use for joining. As a general rule I like to "clean" data sources before importing - and if you only want joins in your environment, you should definitely flow enough data to make joins happen correctly.

    So skip the Joiner and do some scripting against your datasource (AD) if possible. And once AD is populate, the do a new Full Import and Full Sync.


    Regards, Soren Granfeldt
    blog is at http://blog.goverco.com | twitter at https://twitter.com/#!/MrGranfeldt

    • Marked as answer by HitchB52 Thursday, February 7, 2013 12:14 PM
    Monday, September 24, 2012 2:07 PM