The DN must be set before calling CSEntry.CommitNewConnector. Pulling my hair out RRS feed

  • Question

  • This may be my understanding of the product, and any help would be greatly appreciated. I have read everything I can find but still having a hard time understanding what is going on here.


    I am working on a PowerShell MA that exports group info to a rest api. This includes multiple owners and some other custom attributes (like category = type of group based on criteria, approvalType = single owner, multiple owner, manager). I have most of it working and on the home stretch, (I think).

    The problem I am facing is on my provision, when I create a new group in ad. I import it then sync the AD MA, I get “The DN must be set before calling CSEntry.CommitNewConnector.”


    -The anchor for the MA is a unic sid in the remote system.

    -The Join rule is u_objectsid = csObjectID (this is a custom files in the remote system where I want to add the csobjectid on provision.

    -Sync rule


                    To all metaverse resources of this type

                    Scope is group

    Scope filter (I have tried a few things here) csObjectid not equal “” (thought was that it would not try to provision until it had this value populated.

    Relationship Create resource in external system

    Outbound flow ( I have tried a lot of stuff here)

                    Initial flow = csObjectID =>DN

    -My theory on how this SHOULD work.

    1. The record is imported from ad but no provisioning should happen on my custom MA.
    2. The record gets provision in MIM and get a csObjectID.
    3. On export from mim a provisioning gets triggered for custom MA.
    4. Custom ma export provisions new record in remote system

    -what is happening

                    AD MA is triggering provisioning on custom MA on sync when no csObjectID is in Metaverse.

    I was going to try to change the DN but I want to use a value that does not change, I was going to change it to AD objectGuid but that needs to be converted from binary to string which does not seem to happen on initial import/sync and I get the same result.

    Thank you for any help or pointers.


    Tuesday, January 15, 2019 4:00 PM

All replies

  • Hi,

    Are you flowing data (initial flow) to your anchor aswell?

    If not, try doing that.



    Did my post help? Please use "Vote As Helpful", "Mark as answer" or "Propose as answer". Thank you!

    Friday, January 18, 2019 8:29 AM
  • Sorry for the delay, had to leave town due to family emergency.

    I have tried many combinations for the initial flow.  It does not happen on the export to the PS MA, it happens in the Sync of the AD MA when it triggers the provision

    I can not post pictures so...

    on the export of PS MA I have tried the below ( export)

    csObjectID => u_objectsid  set to initial flow only.

    I have also tried  caobjectid=> DN as initial flow only ( I have also tried both set to initial flow).

    I have tried to add snow-sys_id => sys=>id as initial flow ( this is the anchor for this ma its a sid value generated when the record is created in the remote system).

    The stack trace shows "Microsoft.MetadirectoryServices.ProvisioningBySyncRuleException: The DN must be set before calling CSEntry.CommitNewConnector.


    Monday, January 28, 2019 5:09 PM