locked
Clean Export for MV RRS feed

Answers

  • You could delete the content of the connector space.

    Cheers,
    Markus

     

     


    Markus Vilcinskas, Knowledge Engineer, Microsoft Corporation
    Saturday, June 12, 2010 1:15 PM
  • This means that you must have import attribute flow mappings configured for these attributes on your FIM MA.
    Remove these flow mappings, and then run a full synchronization on your FIM MA.

    About Attribute Flow Precedence.

    Cheers,
    Markus

     


    Markus Vilcinskas, Knowledge Engineer, Microsoft Corporation
    Monday, June 14, 2010 6:42 PM

All replies

  • You could delete the content of the connector space.

    Cheers,
    Markus

     

     


    Markus Vilcinskas, Knowledge Engineer, Microsoft Corporation
    Saturday, June 12, 2010 1:15 PM
  • Ok, I deleted the space and seem to get the same error so I must have my groups set up incorrectly. Here is what I have for inbound sync rule:

    IIF(Eq(BitAnd(2,groupType),2),"Global",IIF(Eq(BitAnd(4,groupType),4),"DomainLocal","Universal")) = scope

    IIF(Eq(BitOr(14,groupType),14),"Distribution","Security") = type

    false = membershiplocked

    none = memberaddflow

    NETBIOSNAME = domain

    Then for the Configure Attributes Flow for groups in the FIM Service MA, not AD MA, I have this configured:

    Import:

    Data  Source : Metaverse

    Membershiplocked = membershiplocked

    Memberaddflow = memberaddflow

    Domain =  domain

    Scope = scope

    Type = type

     

    I do a Full Import and Sync, then an export.  The export says:

    Required attribute "Domain" missing. Then the other missing attribute errors...

    The "Domain" is capitalized, I am not sure what I am missing here to get this from not erroring out on the web service during an export.

    Thanks.

     

     

     

    Monday, June 14, 2010 4:00 AM
  • NETBIOSNAME = domain

    Does this mean, you are flowing "NETBIOSNAME" as value for the domain attribute?
    If so, I doubt a bit that this is the right value.
    The value of this attribute is the nETBIOSName of the domain a resource belongs to.
    You can use this script to see what the value of this attribute should be.
    Please see How Do I Synchronize Users from Active Directory Domain Services to FIM for more details.

    Cheers,
    Markus
     

     


    Markus Vilcinskas, Knowledge Engineer, Microsoft Corporation
    Monday, June 14, 2010 7:39 AM
  • NetBiosName is the Domain name. I did not want to provide my domain for the example.

    The user syncrhonization is fine.

    I deleted all the AD and MA connector spaces. However, I am getting errors with the below for the groups:

    Membershiplocked

    Memberaddflow

    Domain

    Scope

    Type

    I have followed this document, http://social.technet.microsoft.com/Forums/en/ilm2/thread/e6a09fa9-e8bc-4fd1-bc19-b07c21375ee3, but still receive the errors.

    Monday, June 14, 2010 4:54 PM
  • NetBiosName is the Domain name. I did not want to provide my domain for the example.

    Just making sure - it will have to be the valid value for your objects.
    It just seems to be an odd name for a domain :-)

    Since you still get the error for all these attributes, you should do a connector space search and verify whether these attributes are set on the affected group objects in the FIM connector space.
    Instructions for verifying whether your objects have the required attribute values are in the Introduction to Inbound Synchronization and Introduction to Outbound Synchronization

    Cheers,
    Markus

     


    Markus Vilcinskas, Knowledge Engineer, Microsoft Corporation
    Monday, June 14, 2010 5:12 PM
  • Followed, these except outbound. I am not doing any outbound synchronization to Active Directory. I just want to get the groups into the FIM MA. When I do a search on the FIM Service MA, I can see the the group but when I validate the object schema it gives me the errors that the attributes for the groups are not there, so the export errors for the FIM Service MA. Even when I look in the Metaverse Designer and look at the attributes for the groups they have a precedent set to 1. I can even search the Metaverse and find the groups but the object schema still has errors. Do I need to create an outbound syncrhonization rule for groups?

    Also, if I look at the AD connector space and do a preview and drill down to Connector Update > Export Attribute Flow, I receive a bunch of these for the groups:

    Skipped: Not Precedent,membershipAddWorkflow,Direct,MembershipAddWorkflow,,(Deleted)

    Skipped: Not Precedent,membershipLocked,Direct,MembershipLocked,,(Deleted)

    etc..

     

    Monday, June 14, 2010 5:50 PM
  • This means that you must have import attribute flow mappings configured for these attributes on your FIM MA.
    Remove these flow mappings, and then run a full synchronization on your FIM MA.

    About Attribute Flow Precedence.

    Cheers,
    Markus

     


    Markus Vilcinskas, Knowledge Engineer, Microsoft Corporation
    Monday, June 14, 2010 6:42 PM
  • Ok, I got the errors resolved. I had the Configure Attribute Flow incorrect in the FIM Service MA. The group attributes where from Data Attribute Source to Metaverse. Since I do not have these defined in AD it was erroring. Therefore my synchronization rule would not supply the FIM Service MA the group attributes, it was wanting the attribute flow to already have the attribute.

    Monday, June 14, 2010 7:10 PM