User still joined after join rule not respected

  • Question

  • Hi,

    I have a weird case and I'm not sure why it's happening.

    To keep it simple, let's say I have 2 Active Directory MAs.

    AD MA 1 imports "EmployeeID" in Metaverse-EmployeeID

    Join rule of AD MA 2 is EmployeeID = EmployeeID.

    User in AD MA 2 has the correct EmployeeID, it joins with the user from AD MA 1.

    Now I change the EmployeeID in MA #2 and even after a new sync it's still joined? I can manually disconnect and it won't come back because the join rule doesn't fit anymore.

    So my question is why do I have to manually disconnect the AD MA 2 user? Shouldn't FIM automatically disconnect when the join rule isn't respected anymore?

    I can provide more details if needed.

    Thanks.

    Tuesday, April 23, 2019 6:02 PM

All replies

  • Join rules are only used by the sync engine when it has a disconnected object in the (AD) connector space. It uses the join rules to identify relations between a disconnected object and an object in metaverse - for example employeeID to EmployeeID. When it gets a "hit", the sync engine joins the connector space object and the identity/object in metaverse together using the anchor attribute/value on the MA (I think Object SID is used on an AD MA?). As long as the object in connector space (AD) doesn't change its anchor value, this relationship continues to exist. A change on the object's anchor value in the MA will be identified as a delete/add for the sync engine - and will then trigger a new evaluation of the join rules to try to match the (new) disconnected object in connector space.
    • Proposed as answer by Leo Erlandsson Wednesday, April 24, 2019 9:05 AM
    Wednesday, April 24, 2019 8:52 AM
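
The behaviour described in the answer above, as a small Python model added here (it is not part of the thread and is not FIM code): join rules run only for disconnectors, an attribute change keeps the existing link, and an anchor change is handled as delete/add. The class names, anchor strings and employeeID values are constructed, and `stale_joins` is a hypothetical audit helper that lists joined objects whose join attribute no longer matches the metaverse.

```python
"""Simplified model of connector-space joins; names and data are constructed."""
from dataclasses import dataclass
from typing import Optional

@dataclass
class CSObject:
    anchor: str                    # anchor value on the MA (constructed sample)
    attrs: dict
    mv_id: Optional[str] = None    # None means the object is a disconnector

class SyncModel:
    def __init__(self, metaverse, join_attr="employeeID"):
        self.mv = metaverse        # mv_id -> attribute dict
        self.cs = {}               # anchor -> CSObject
        self.join_attr = join_attr

    def _evaluate_join(self, obj):
        # Join rule: CS join attribute equals the metaverse join attribute.
        value = obj.attrs.get(self.join_attr)
        for mv_id, mv_attrs in self.mv.items():
            if value is not None and mv_attrs.get(self.join_attr) == value:
                obj.mv_id = mv_id
                return

    def sync(self, imported):
        """imported: list of (anchor, attrs) pairs seen on this import."""
        seen = {anchor for anchor, _ in imported}
        for anchor in list(self.cs):
            if anchor not in seen:             # anchor vanished: delete
                del self.cs[anchor]
        for anchor, attrs in imported:
            # Unknown anchor: add as a new disconnector.
            obj = self.cs.setdefault(anchor, CSObject(anchor, {}))
            obj.attrs = dict(attrs)            # attribute update keeps the link
            if obj.mv_id is None:              # rules run for disconnectors only
                self._evaluate_join(obj)

    def stale_joins(self):
        """Anchors of joined objects that no longer satisfy the join rule."""
        return [o.anchor for o in self.cs.values() if o.mv_id is not None
                and self.mv[o.mv_id].get(self.join_attr) != o.attrs.get(self.join_attr)]

def demo():
    m = SyncModel({"mv-1": {"employeeID": "1001"}})
    m.sync([("anchor-A", {"employeeID": "1001"})])   # disconnector, rule matches
    m.sync([("anchor-A", {"employeeID": "9999"})])   # attribute changed only
    attr_change = (m.cs["anchor-A"].mv_id, m.stale_joins())
    m.sync([("anchor-B", {"employeeID": "9999"})])   # anchor changed: delete/add
    anchor_change = ("anchor-A" in m.cs, m.cs["anchor-B"].mv_id)
    return attr_change, anchor_change

if __name__ == "__main__":
    print(demo())
```

In the model, the attribute change leaves `anchor-A` joined to `mv-1` and flagged by `stale_joins`, while the anchor change produces a new disconnector that the join rule no longer matches.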