Domain Name not showing up in New Attribute flow in MIM server 2016

  • Question

  • In MIM 2016, I have created a synchronization rule (AD user inbound synchronization rule) and clicked on new attribute flow. However, in the list shown in the new attribute flow the AD domain name is not listed. Also, would all the users in AD automatically be synced into MIM? If not, how to do it manually? Any help or suggestions appreciated. TIA
    Monday, July 11, 2016 8:36 AM

All replies

  • Hello,

    here are the steps to synchronize AD users to FIM.

    https://technet.microsoft.com/en-us/library/ff686264(v=ws.10).aspx


    Did my post help? Please use "Vote As Helpful", "Mark as answer" or "Propose as answer". Thank you!

    Monday, July 11, 2016 12:53 PM
  • As for your question on the domain attribute, domain is not an attribute in AD, that's why you don't see it. If you have one domain, you can flow it as a string constant to the MV. Or you can also use the SID trick described in the article above.


    Monday, July 11, 2016 1:12 PM
  • The domain attribute is not readily available in an AD attribute. It's available in the MV and the FIMMA.

    As explained in the step-by-step guide, you'll need to set a constant or complex flow to set the domain when fetching data from AD.

    When you set up the FIM/MIM MA, the data is automatically provisioned in the MIMService/portal. But you'll need to set the required attribute flows; by default some are missing.

    For the MIM/FIM MA you can map the MV attribute to the MA attribute... to get the domain info in the portal.


    Peter Geelen (Quest For Security) (blog)

    [If a post helps to resolve your issue, please click "Mark as Answer" on that post or click the "Vote as helpful" button of that post.
    By marking a post as Answered or Helpful, you help others find the answer faster.]

    Monday, July 11, 2016 1:48 PM
    Moderator
  • Thanks for the response.

    My domain SID string has the length of 39 where it should be 41. I am stuck with the below procedure and unable to find where to do the below process. Please help. TIA

    The first step in your custom expression is to translate the object's SID into a string representation by using the ConvertSidToString method:

    ConvertSidToString(objectSid)
    

    From this string, you only need the first 41 characters:

    Left(ConvertSidToString(objectSid), 41)
    

    The question is whether this string is equal to the domain SID:

    Eq(Left(ConvertSidToString(objectSid), 41), "S-1-5-21-4220550486-1538840966-3184992408")
    

    If both values match, you can flow “FABRIKAM” as the domain name into the metaverse. If the values do not match, you should flow something like “Unknown”:

    IIF(Eq(Left(ConvertSidToString(objectSid), 41), "S-1-5-21-4220550486-1538840966-3184992408"), "FABRIKAM", "Unknown")
    

    Tuesday, July 12, 2016 4:23 AM
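Added example (not from the thread or the linked TechNet guide): the domain SID in the quoted expression happens to be 41 characters long, but SID sub-authorities are variable-length decimal numbers, so another domain's SID can be 39 characters and a fixed `Left(..., 41)` comparison then never matches. The Python sketch below decodes a binary objectSid and derives the domain SID by dropping the trailing RID; the 39-character SID, the name EXAMPLE, the RIDs and all helper names are constructed for illustration.

```python
import struct

FABRIKAM_SID = "S-1-5-21-4220550486-1538840966-3184992408"  # from the thread, 41 chars
SHORT_SID = "S-1-5-21-422055048-153884096-3184992408"       # constructed, 39 chars
KNOWN_DOMAINS = {FABRIKAM_SID: "FABRIKAM", SHORT_SID: "EXAMPLE"}  # EXAMPLE is hypothetical


def sid_to_string(raw: bytes) -> str:
    """Decode a binary objectSid into its S-1-... string form."""
    if len(raw) < 8:
        raise ValueError("SID too short")
    revision, count = raw[0], raw[1]
    if len(raw) != 8 + 4 * count:
        raise ValueError("length does not match sub-authority count")
    authority = int.from_bytes(raw[2:8], "big")        # 48-bit, big-endian
    subs = struct.unpack("<%dI" % count, raw[8:])      # 32-bit each, little-endian
    return "-".join(["S", str(revision), str(authority)] + [str(s) for s in subs])


def build_sid(sub_authorities) -> bytes:
    """Build a binary SID with authority 5 (NT Authority); sample-data helper."""
    subs = list(sub_authorities)
    return (bytes([1, len(subs)]) + (5).to_bytes(6, "big")
            + struct.pack("<%dI" % len(subs), *subs))


def fixed_prefix_match(sid: str, dom_sid: str, length: int = 41) -> bool:
    """The comparison from the quoted expression: Eq(Left(sid, 41), dom_sid)."""
    return sid[:length] == dom_sid


def domain_sid(sid: str) -> str:
    """Domain SID = object SID without its last component (the RID)."""
    head, sep, rid = sid.rpartition("-")
    if not sep or not rid.isdigit():
        raise ValueError("not a SID string: %r" % sid)
    return head


def domain_name(sid: str) -> str:
    return KNOWN_DOMAINS.get(domain_sid(sid), "Unknown")


if __name__ == "__main__":
    samples = [(21, 4220550486, 1538840966, 3184992408, 1104),   # constructed RIDs
               (21, 422055048, 153884096, 3184992408, 1105)]
    for subs in samples:
        sid = sid_to_string(build_sid(subs))
        print(sid, fixed_prefix_match(sid, domain_sid(sid)), domain_name(sid))
```

In the sync rule expression itself, the length passed to `Left` has to equal the length of your own domain SID string (39 in the case described above), not the 41 of the FABRIKAM sample.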
  • Harshavardhan,

    You don't need to convert the SID. Instead of the above-mentioned steps, you can add a simple import attribute flow to import your domain name like this:

    Replace Fabrikam by your domain name.



    Tuesday, July 12, 2016 1:11 PM
  • Taher, I am unable to find my domain name KDMS in the new attribute flow (as fabrikam). Pls assist further.
    Thursday, July 14, 2016 5:53 AM
  • Choose string from the Source drop down list and then type your domain name


    Thursday, July 14, 2016 6:59 AM
  • Thanks Taher for the quick response. It was helpful. I created the domain name as you said. In the Synchronization Service Manager I have created 2 management agents, MIMMA and ADMA, and I have created 5 run profiles on MIMMA and ADMA (Profile1: Full Import (Stage Only), Profile2: Full Synchronization, Profile3: Delta Import (Stage Only), Profile4: Delta Synchronization and Profile5: Export).

    Can you guide me with further steps. Will the users in AD automatically be synced to MIM console? If not then how to sync them.


    Thursday, July 14, 2016 12:15 PM
  • If you run Full Import then Full Sync on AD MA you'll get all users to metaverse.

    Can you switch the thread to question instead of discussion so you can mark an answer when your question is answered?



    Thursday, July 14, 2016 12:47 PM
  • Taher, where do I find metaverse in synchronization service manager in MIM after running full import and full sync? Pls assist. TIA
    Friday, July 15, 2016 5:06 AM
  • Open the MIM Sync Mgr gui > Metaverse Search

    Is that what you need?


    Peter Geelen (Quest For Security) (blog)


    Friday, July 15, 2016 8:56 AM
    Moderator
  • Yes, open metaverse console, then go to metaverse search, then search for object of type Person. So this is your metaverse. And if you click on any of the person objects and you go to connectors tab, you can view the connector space objects.


    Friday, July 15, 2016 11:52 AM
  • Taher, I did the above said procedure and the existing users have shown up in the persons list. However, if I create a new user or group in AD OU and run synchronization profile, then the group or user which I have created is not showing up in synchronization manager. Whenever I create a user or group, do I need to run the synchronization profile? TIA


    Harsha

    Tuesday, July 19, 2016 4:44 AM
  • When you create a new user in AD in an OU that MIM Sync is configured to synchronize, you need to run Import -> Sync on AD MA to bring them to MIM Sync. In order to have them in MIM Portal, you need to run export on MIM MA.

    I think a little reading on Run Profiles in MIM will help you understand this better.

    https://technet.microsoft.com/en-us/library/jj863247(v=ws.10).aspx



    Tuesday, July 19, 2016 12:35 PM