none
AD conflict object in FIM RRS feed

 , 
 > 

  • Question

  • Question
    Sign in to vote
    0
    Sign in to vote

    I have a FIM instance that's synchronizing an AD domain to an AD LDS instance.

    Some time ago, a conflict occurred in AD (there was a group with a "CNF" in the name followed by a GUID). The conflict object was removed from AD, but for some reason it remained in FIM, and it's causing errors when FIM tries to export it to AD LDS.

    Full import / synch operations did not solve the problem either.

    Any suggestions?

    Thanks,
    Paolo

    Paolo Tedesco - http://cern.ch/idm

    Tuesday, January 7, 2014 3:56 PM
    |

Answers

  • Question
    Sign in to vote
    1
    Sign in to vote
    If it is not a MV object but simply a connector space object you could mark it as explicit disconnector

    David Lundell, Get your copy of FIM Best Practices Volume 1 http://blog.ilmbestpractices.com/2010/08/book-is-here-fim-best-practices-volume.html

    • Marked as answer by Paolo Tedesco Wednesday, January 8, 2014 8:25 AM
    Tuesday, January 7, 2014 5:17 PM
    |

All replies

  • Question
    Sign in to vote
    1
    Sign in to vote

    Paolo,

    You have the object identified.

    1. Suspend any scheduled jobs
    2. Double check the MV object deletion rule for this object type
    3. Find it in the MV
    4. Look at the list of connectors
    5. Make a screen shot of the list of connectors and their identifiers
    6. Double check that the Deprovisioning options on each MA for which it has a connector are what you want
    7. Disable Provisioning
    8. Open the MV object
    9. Disconnect it from the proper connectors until the MV object is deleted
    10. Run export on the MA's where there is a pending delete
    11. Reenable Provisioning
    12. Run Preview on any remaining normal disconnectors that were connected to this MV object to ensure that they aren't projecting
    13. If necessary mark any of the disconnectors as explicit
    14. Re-enable your jobs

    David Lundell, Get your copy of FIM Best Practices Volume 1 http://blog.ilmbestpractices.com/2010/08/book-is-here-fim-best-practices-volume.html

    Tuesday, January 7, 2014 5:17 PM
    |
  • Question
    Sign in to vote
    1
    Sign in to vote
    If it is not a MV object but simply a connector space object you could mark it as explicit disconnector

    David Lundell, Get your copy of FIM Best Practices Volume 1 http://blog.ilmbestpractices.com/2010/08/book-is-here-fim-best-practices-volume.html

    • Marked as answer by Paolo Tedesco Wednesday, January 8, 2014 8:25 AM
    Tuesday, January 7, 2014 5:17 PM
    |
  • Question
    Sign in to vote
    0
    Sign in to vote

    Hi David,

    Thank you very much for the hints.

    In the end, I configured a connector filter to exclude objects whose cn contains "CNF:". I already had the rule configured for other types of objects, and if I search for filtered disconnectors in the MA I see quite a lot of those.

    I don't know why they linger in the connector space, maybe from time to time I should just flush the connector space...

    Cheers,
    Paolo

    Paolo Tedesco - http://cern.ch/idm

    Wednesday, January 8, 2014 8:27 AM
    |