none
How to import multi-value reference with Granfeldt PowerShell MA? RRS feed

  • Question

  • Hi,

    I am trying to import multi-value reference into FIM (Group object).

    I can import all attributes from source SQL, except Multivalue reference (into members attribute on Group object).

    I have defined schema like this:

    $obj = New-Object -Type PSCustomObject
    $obj | Add-Member -Type NoteProperty -Name "Anchor-axs_profid|String" -Value ""
    $obj | Add-Member -Type NoteProperty -Name "objectClass|String" -Value "role"
    $obj | Add-Member -Type NoteProperty -Name "name|String" -Value ""
    $obj | Add-Member -Type NoteProperty -Name "member|Reference[]" -Value ""
    $obj

    On source attribute I have members defined in one attribute, divided by ",". 

    Import script:

    $Obj = @{}
    
        $Obj.Add("objectClass", "role")
        $Obj.Add("[DN]", "Role_"+$Object.$("axs_profid"))
        $Obj.Add("axs_profid",   $Object.$("axs_profid").ToString())
        $Obj.Add("name", $Object.$("name").ToString())
        if($Object.$("member").ToString() -ne "")
        {
            [string[]]$members = $Object.$("member").ToString().Split(',')
            $Obj.Add("member", $members)
        }
       
        $Obj
        


    When Full import is triggered, I get following error for roles with multiple users:

    FIM Sync = staging-error

    Event log = 

     

    The server encountered an unexpected error in the synchronization engine:

     "BAIL: MMS(9588): d:\bt\32669\private\source\miis\shared\utils\libutils.cpp(7045): 0x8023040e (The distinguished name is invalid)
    BAIL: MMS(9588): d:\bt\32669\private\source\miis\server\sqlstore\utils.cpp(229): 0x8023040e (The distinguished name is invalid)
    BAIL: MMS(9588): d:\bt\32669\private\source\miis\server\sqlstore\nscsimp.cpp(5348): 0x8023040e (The distinguished name is invalid)
    BAIL: MMS(9588): d:\bt\32669\private\source\miis\server\sqlstore\nscsimp.cpp(5753): 0x8023040e (The distinguished name is invalid)
    BAIL: MMS(9588): d:\bt\32669\private\source\miis\server\sqlstore\nscsimp.cpp(686): 0x8023040e (The distinguished name is invalid)
    BAIL: MMS(9588): d:\bt\32669\private\source\miis\server\sqlstore\csobj.cpp(12876): 0x8023040e (The distinguished name is invalid)
    BAIL: MMS(9588): d:\bt\32669\private\source\miis\server\sqlstore\csobj.cpp(13976): 0x8023040e (The distinguished name is invalid)
    BAIL: MMS(9588): d:\bt\32669\private\source\miis\server\sqlstore\csobj.h(1252): 0x8023040e (The distinguished name is invalid)
    ERR_: MMS(9588): d:\bt\32669\private\source\miis\server\sync\syncstage.cpp(2018): ERR_: MMS(9588): d:\bt\32669\private\source\miis\server\sync\syncstage.cpp(612): ERR_: MMS(9588): d:\bt\32669\private\source\miis\server\sync\syncstage.cpp(647): Staging failed 0x8023040e: [21]ERR_: MMS(9588): d:\bt\32669\private\source\miis\server\sync\syncmonitor.cpp(2528): SE: Rollback SQL transaction for: 0x8023040e
    Forefront Identity Manager 4.1.3559.0"

    If I change the script to return only first member:

    $Obj.Add("member", $members[0])

    import is successfull and I can see referenced member in Group.

    I have also tried to specify DN for both users and roles with the same outcome.

    $Obj.Add("[DN]", "Role_"+$Object.$("axs_profid"))

    I am using the latest version of  PSMA: 5.5

    Thanks for your help guys!

    Wednesday, January 14, 2015 12:40 PM

Answers

  • I managed to solve this issue.

    The problem was in string array (I always appended "," at the end of each value). MA then expected another value after the last comma.

    The wrong approach:

    [string[]]$members = $Object.$("member").ToString().Split(',')

    The right approach:

    [string[]]$members = $Object.$("member").ToString().TrimEnd(',').Split(',')

    • Marked as answer by Simon Hocevar Tuesday, January 20, 2015 8:28 AM
    Tuesday, January 20, 2015 8:28 AM