Having problem syncing with new MIM 2016 installation

  • Question

  • Hi guys,

    First of all, if any of you (maybe some Identity MVPs) have access to an internal MS DL, or if MS is monitoring this thread, the installation guide of MIM 2016 is by far the worst documentation guide ever :-)

    https://technet.microsoft.com/en-us/library/mt219040.aspx

    Being an Office Servers and Services MVP, I know it can be hard sometimes to come out with some good documentation, but following the step by step guide of MIM 2016 will never get you up and running...

    Back to my problem;

    A customer of mine wants to use the SSPR on their Win7/8 logon screen (Ctrl-Alt-Del)

    So my goal is only to deploy the SSPR portion, sync from AD and export to MIM DB... seems pretty simple. I have decided to follow some FIM install guide instead of MIM: https://technet.microsoft.com/en-us/library/ff575965(v=ws.10).aspx

    I have got up to a point where the sync rules work, but in the SSPR portal, if I do a search on the user, this is what I see:

    I cannot seem to match the displayname somewhere...

    Any tips and tricks or just a quick guide will be more than helpful.

    Cheers

    Jean-Philippe


    If a post is helpful, please take a second to hit the green arrow on the left, or mark as answer, thanks.


    Jean-Philippe Breton | Senior Microsoft Consultant | MCTS, MCITP, MCT, Lync MVP

    Monday, February 1, 2016 3:46 PM

All replies

  • Hello Jean Philippe

    It seems that you don't have a right flow of displayName. Please check if you configured an export flow in Sync Engine on FIM management agent. If yes, please make sure that in FIM Portal, in Synchronization Rule, you have a flow of displayName to displayName and make sure also that your Synch Rule is Inbound. The same applies for accountName as I see you don't have the values.

    In Sync Engine you have a view called "Metaverse Search" - please find all objects there and check if you have displayName and accountNames filled. If not, the problem is in Sync Rule. If values are in metaverse, problem would be in propagating them to FIM DB.

    Let us know if you'd need more support.


    If you found my post helpful, please give it a Helpful vote. If it answered your question, remember to mark it as an Answer.

    Monday, February 1, 2016 4:21 PM
  • To tack on to what has already been said, how I troubleshoot these kinds of things is start from the source system.  Follow the flow from source system attribute (displayname) to the metaverse attribute and then from metaverse attribute out to the Portal attribute displayname.  It's easy to miss or select the wrong attribute in the flow.

    While you are in there checking out the attribute flow, verify your Portal objects will receive domain, accountname, and objectSID of the AD account.  Those should be called out in the SSPR guide.

    Best,

    Jeff Ingalls

    Tuesday, February 2, 2016 4:58 AM
  • Hi Dominic,

    Sorry for the late reply:

    So I do have that Export rule

    And my MIM sync rule looks good:

    It is set as Inbound

    In the Scope Tab I have this:

    Objects are in the Metaverse, but you have a good guess about the DB.

    I will verify if objects are propagated into the MIM DB.

    Will follow up

    Thanks




    Jean-Philippe Breton | Senior Microsoft Consultant | MCTS, MCITP, MCT, Lync MVP

    Tuesday, February 2, 2016 4:23 PM
  • Hi Jeff

    Speaking of SSPR guide,

    I think that I have found 12 different ways of triggering the import/export/full sync/delta sync

    Is there a best practice out there that I can use in my environment?

    What to do for the initial sync?

    And what to do on a weekly basis?

    Thanks




    Jean-Philippe Breton | Senior Microsoft Consultant | MCTS, MCITP, MCT, Lync MVP

    Tuesday, February 2, 2016 4:42 PM
  • Hi Jean-Philippe,

    Welcome to the wonderful world of MIM.  :-)

    You can trigger run profiles via UI or through a call to WMI -- and there are various ways of making that WMI call.  Some customers use PowerShell or VBScript to make the WMI call and put it in a scheduled task.  There are tools/products out there to do it too and offer some additional advantages (reporting, near real time driven provisioning and sync, etc), but there's never been an official best practice released from Microsoft on how to perform the trigger.

    To answer your run profile question directly, on the initial run cycle you will need to run a full import on all MAs, a full sync on one of the MAs, then run an export(s) according to what MIM is telling you is pending export.  In other words, run an export on your target systems, then a confirming import which proves to MIM that the export was successful, and then a delta sync.

    Day to day, assuming you're not making changes in your MAs or sync rules (which would require full import and/or full sync), think of it in terms of how you want the data to flow.  Import on your source system, delta sync on your source system, export on your target system, delta import on target system (export confirmation), then a delta sync on target system.  The objective of planning out your run profile order is to get data moving from source to target on a single cycle without pending items sitting in pending for the next run cycle.  That said, some configurations require more than one cycle to get all data to all the places.

    More information:

    Tim Macaulay, a MS support escalation engineer, put together a big wiki on everything you'd want to know about run profiles.  Here's that link:  http://social.technet.microsoft.com/wiki/contents/articles/12529.miisilmfim-2010-run-profiles-resource-wiki.aspx

    Here's a link on run profile order: http://social.technet.microsoft.com/wiki/contents/articles/14905.fim-reference-which-run-profile-do-i-run-first.aspx

    Let me know if I can help further.

    Best,

    Jeff Ingalls

    Tuesday, February 2, 2016 5:55 PM
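
    Added example (not part of the thread and not Microsoft's code): the day-to-day run profile order described in the reply above, triggered through the sync service's WMI provider from PowerShell. The MA names ADMA and FIMMA come from the thread; the run profile names are assumptions and must match the profiles defined on each MA.

```powershell
# Added example, not from the thread. Run on the MIM synchronization server.
$Namespace = 'root\MicrosoftIdentityIntegrationServer'

# Day-to-day order from the reply above: import and delta sync on the source,
# export on the target, confirming delta import on the target, then delta sync.
# Profile names are assumptions; use the names defined on your own MAs.
$Cycle = @(
    @{ MA = 'ADMA';  Profile = 'Delta Import' },
    @{ MA = 'ADMA';  Profile = 'Delta Sync'   },
    @{ MA = 'FIMMA'; Profile = 'Export'       },
    @{ MA = 'FIMMA'; Profile = 'Delta Import' },
    @{ MA = 'FIMMA'; Profile = 'Delta Sync'   }
)

function Invoke-RunProfile {
    param([string]$MAName, [string]$ProfileName)

    $ma = Get-WmiObject -Namespace $Namespace -Class MIIS_ManagementAgent -Filter "Name='$MAName'"
    if (-not $ma) { throw "Management agent '$MAName' not found." }

    # Execute blocks until the run finishes and returns its status string.
    return $ma.Execute($ProfileName).ReturnValue
}

foreach ($step in $Cycle) {
    $status = Invoke-RunProfile -MAName $step.MA -ProfileName $step.Profile
    Write-Output ("{0} {1,-6} {2,-13} {3}" -f (Get-Date -Format s), $step.MA, $step.Profile, $status)

    # Stop at the first step that does not report 'success', so a failed
    # import is never followed by a sync or export built on stale data.
    if ($status -ne 'success') {
        Write-Error "Stopping cycle: $($step.MA) / $($step.Profile) returned '$status'."
        break
    }
}
```

    Keeping the timestamped output of each run gives a record of which step stopped the cycle when pending exports start to pile up.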
  • Thanks Jeff,

    Nice wiki!! :-)

    Let me try to re-run the profile correctly.

    Will let you know

    Cheers

    JP




    Jean-Philippe Breton | Senior Microsoft Consultant | MCTS, MCITP, MCT, Lync MVP

    Tuesday, February 2, 2016 6:37 PM
  • My issue seems to be SQL... as nothing seems to be exported into SQL (FIMDB)

    I have checked some tables but not sure which one should contain the actual info.

    After reading the WIKI, here is what I configured for the Run Profile:

    ADMA:

    • Full Import
    • Full Sync

    FIMMA:

    • Export
    • Full Import
    • Full Sync

    Still, my FIM portal is still showing the "No display name" (as per my picture above).

    Any other ideas?




    Jean-Philippe Breton | Senior Microsoft Consultant | MCTS, MCITP, MCT, Lync MVP

    Tuesday, February 2, 2016 7:26 PM
  • Go to sync service manager UI, click on the MIM MA, open up the properties, and go to "Configure Attribute Flow".  Verify you have displayname going as export (arrow pointing to left) from MV to displayName in MIM.

    Best,

    Jeff Ingalls

    Tuesday, February 2, 2016 8:25 PM
  • Hi Jeff

    Yes the flow is export for display name.

    Actually, can you confirm what TechNet is saying:

    https://technet.microsoft.com/en-us/library/mt219040.aspx

    It is mentioned under creating the MIM MA Account that attributes should be import AND export?

    Is that correct?

    I will be rebuilding the MIM server this server.

    Will keep you posted.




    Jean-Philippe Breton | Senior Microsoft Consultant | MCTS, MCITP, MCT, Lync MVP


    Wednesday, February 3, 2016 1:11 PM
  • In the MIM Management Agent, if you have an export attribute flow from the MV out to Display Name in MIM, then check:

    1. Go to the Metaverse Search tool and search for non present display name of users.  Do you see any?  If so, the problem is with the import of display name into the MV and/or data on the import. Look at the source MA and verify you are flowing an attribute that has a value into the correct MV attribute.  If all the MV objects have a display name then go to step 2.

    2. Are you using the MIM Portal to create or modify users - specifically the display name?  If not, then remove the import attribute flow (in the MIM MA) for display name. If yes, go to step 3.

    3. Go to the  Metaverse Designer tool, select person, click on display name and click on Configure Attribute Precedence. Verify the source system responsible for display name is above the MIM MA.

    4. Remove any display name attribute flows in the MIM Portal sync rules -- we're doing this as a test, we can add them back later.

    5. On the source MA responsible for display name run a full sync. In the statistics you should see MIM telling you an Outbound sync caused some data to be ready for export.

    6. Run an export of MIM MA then a delta import on MIM MA.

    Best,

    Jeff Ingalls

    Wednesday, February 3, 2016 1:58 PM
  • Did you ever get this figured out?  I have the exact same issue.  Followed the documentation, and got to the same point.

    I followed the steps in the last post, and on #5, everything is listed as a "Disconnectors".  Is that correct? 

    If the Run Profiles are done out of order, and the data isn't populated correctly, do you have to delete the MAs and start clean?  Is there a way to purge all the data within MIM without having to delete everything (it is a bit painstaking)?

    Thank you very much for any help!

    Ken

    Wednesday, May 11, 2016 7:16 AM