locked
GAL Sync tries to provision expectedRuleEntries RRS feed

  • Question

  • I'm currently playing around with FIM 2010 GAL Sync.

    As for now I still have some problems: from Forest A to Forest B provisioning works fine, from B to A does not work. Objects are present in the CS of A, but do not make it into the Active Directory. Perhaps something is wrong with the remote powershell to the Exchange 2010 utilities.

    Another problem I'm having is that my users from the other Forest, for whom I only want to use them for GAL sync are also getting provisioned in the Portal. Perhaps I could use a disconnector filter for that, but then I would have to get something I can filter on. DN is not there by default I think.

    But my actual question concerns an other issue:

    When I'm doing a delta sync with the MA of the FIM Service (portal) i'm getting a lot of extension-dll-exception

    The stack trace:

    Microsoft.MetadirectoryServices.NoSuchAttributeInObjectTypeException: Attribute "cn" is not usable with the object type in question.
       at Microsoft.MetadirectoryServices.Impl.EntryState.GetAttribute(String attributeName, IMacroCollectionBase collection)
       at Microsoft.MetadirectoryServices.GALSync.MVSynchronizer.AddOrRenameConnector(ConnectedMA& MA, GALMA& MAConfig, MVEntry mventry, CSEntry csentry)
       at Microsoft.MetadirectoryServices.GALSync.MVSynchronizer.Provision(MVEntry mventry)

    The problem here is, that the code trires to run the provisioning stuff for "ExpectedRuleEntries" which are being projected into the MV. Is this normal? I mean, does the foreseen galsync.dll code does not take this into account? Should I altered the galsync solution it's behaviour or is their an eassier way (no coding)? In my opinion the provision code should only do it's logic on person/groups/contacts but not on DRE/EREs.

    Any feedback is welcome. I have been googling this around, but whereas the setup is fairly wel documented, the combination of FIM GalSync and the Portal are new.  I hope someone can help me. I inted to write some blogpost about it afterwards. I really think the amount of information on this subject is rather limited. Or I'm not looking in the right places.

    Kind regards,

    Thomas

    Sunday, May 2, 2010 1:19 PM

Answers

  • Hi Thomas,

    You are going to need to modify the provisioning code in the Galsync dll.

    In the GALMV.vb file, find the Provision() method.

    Add the folowing code:

      Public Sub Provision( _
       ByVal mventry As MVEntry) _
       Implements IMVSynchronization.Provision
       Select Case mventry.ObjectType
        Case "expectedRuleEntry"
         ' Do Nothing
    
        Case "SomeOtherObjectYouWantToIgnore"
    
         'Do Noting
    
        Case Else
         Dim i As Integer
         Dim MasterConnector As CSEntry = Nothing
         Dim MA As ConnectedMA
    
         Log("Entering provisioning for " & mventry.ToString)
    
         For Each MA In mventry.ConnectedMAs
          Dim csentry As CSEntry
          For Each csentry In MA.Connectors
           If csentry.ConnectionRule = RuleType.Projection Then
            MasterConnector = csentry
           End If
          Next
         Next
         '.......
    
       End Select
    Sunday, May 2, 2010 4:56 PM

All replies

  • Hi Thomas,

    You are going to need to modify the provisioning code in the Galsync dll.

    In the GALMV.vb file, find the Provision() method.

    Add the folowing code:

      Public Sub Provision( _
       ByVal mventry As MVEntry) _
       Implements IMVSynchronization.Provision
       Select Case mventry.ObjectType
        Case "expectedRuleEntry"
         ' Do Nothing
    
        Case "SomeOtherObjectYouWantToIgnore"
    
         'Do Noting
    
        Case Else
         Dim i As Integer
         Dim MasterConnector As CSEntry = Nothing
         Dim MA As ConnectedMA
    
         Log("Entering provisioning for " & mventry.ToString)
    
         For Each MA In mventry.ConnectedMAs
          Dim csentry As CSEntry
          For Each csentry In MA.Connectors
           If csentry.ConnectionRule = RuleType.Projection Then
            MasterConnector = csentry
           End If
          Next
         Next
         '.......
    
       End Select
    Sunday, May 2, 2010 4:56 PM
  • Makes sense. Thanks for the code snippet!

    Is there an easy way to develop code off-box? I mean withouth having to install Visual Studio on the Sync box...

    Sunday, May 2, 2010 5:41 PM
  • You will need to copy the DLL's that are referenced in the project to your local machine.

    One you have built your DLL you need to copy it back to the FIM\2010\Sync\Extensions folder.

    I usually just install VS on my dev box. It makes it easier to debug the code if necessary.

     

    -Jeremy

    Sunday, May 2, 2010 6:27 PM
  • For the reference I wrote a little summary about it: http://setspn.blogspot.com/2010/05/fim-gal-sync-and-fim-ma-eredre.html

    You changed the Case "ExpectedR... to Case "expectedR... ? Or I really need to get some sleep :)

    Thanks for the assistance.

    Sunday, May 2, 2010 7:35 PM
  • Yep,

    I changed it after looking in the MV designer on my test box.

     

    -J

    Sunday, May 2, 2010 7:38 PM
  • This topic is (very detailed) documented in Exchange Provisioning using ILM 2007 and FIM 2010.

    Cheers,
    Markus


    Markus Vilcinskas, Knowledge Engineer, Microsoft Corporation
    Sunday, May 2, 2010 11:27 PM
  • Markus,

    I had already came across that article. While it is very (extremely) detailed, I think it mainly focusses on mailbox provisioning. I was really looking for some documentation explaining what is happing under the hood when 2 GAL MA's join/project stuff in the MV and more spefically how this interacts with what the FIM MA is doing round there.

    But perhaps these things are obvious for experienced FIM people.

    Regards,

    Thomas

    Monday, May 3, 2010 8:33 AM
  • Understanding Data Synchronization with External Systems.
    From the synchronization perspective, all management agents work the same way.

    Cheers,
    Markus


    Markus Vilcinskas, Knowledge Engineer, Microsoft Corporation
    Monday, May 3, 2010 11:09 AM