none
Problems with criteria based groups. Members of group differs from Connector Space group object members RRS feed

  • Question

  • Hellos.

    We have hundreds of AD groups we need FIM to manage. Group cns have the format sg_A_nnnnn_DepartmentName or sg_A_mmmmm_DepartmentName or sg_B_nnnnn_DepartmentName and so on. where nnnnn mmmmm  are different department numbers eg 15100 49100 23300 and so on.

    Its easy to build filters and import this into Filter attribute. Loading FIM seemed to go fine.

    We now have problems when a user changes department ie. was 15100 and is now 49100. We expected to see deletes from criteria based groups with 15100 in the name and adds to groups with 49100 in the name. BUT not all the 15100 groups send deletes to MV.

    The offending group's membership as seen on Portal by pushing button "View Members" looks OK, it shows the number of users expected by the criteria. BUT if I look at the FIMMA Connector Space group object it shows a DIFFERENT number of members, one extra.

    How is this possible? It is possible cause I see it happen.

    We have exported the changed DepartmentNumber to FIMMA (1 update) and on Full import see 7 updates - one for the person and the rest for groups caused by the filters being applied. When we view the Updates one group seems not to be managed correctly.

    At present we are syncing between FIM and AD bidirectionally so ALL group attributes are equal precedence. Is this a possible cause?

    I am almost at my wits end here about this.

    We use FIM 2010 R2 RTM

    Help!!!

    Thursday, August 23, 2012 6:00 PM

Answers

  • The cause of this problem has been tracked down.

    Resolving the problem is another question however.

    The reason for those who are interested is that we have a situation where we have a Criteria based group which has Manually added members. A person exists on both "lists" so removing him from a department correctly removes him from the criteria based "list" of members but because he also exists on the manually added "list" he hasnt been removed completely.

    These manually added members are only visible via the Extended Attributes Tab.

    • Marked as answer by HaroldHare Monday, August 27, 2012 6:54 AM
    Monday, August 27, 2012 6:54 AM