none
Group Import Member and Owner Reference Unavailable RRS feed

  • Question

  • Hello, 

    I am having an odd issue. I created a new MA from AD to MV. It is looking specifically at an Applicaiton Group OU, There are only SG in there. When I do the import, then a sync, two fields are giving me errors

    Member and ManagedBy, they both say reference is unavailable. 

    No the users already exist in the MV, but is is giving me the error because I am not allowing the MA to look in any other container besides where the application group is?

    I am not sure, I checked the precedence, I have tried with both equal precedence and letting this MA being the upper precedence.

    Any ideas what may be causing this error?

    There is no code, I am doing a direct flow.

    Thanks 


    Russell Lema

    Monday, April 20, 2015 4:42 PM

Answers

  • You need to import users from AD as well and synchronize.  Both attributes are reference to a user object.  To rephrase it, user has to come from AD.  You need the DN.

    Nosh Mernacaj, Identity Management Specialist


    • Edited by Nosh Mernacaj Monday, April 20, 2015 5:25 PM
    • Marked as answer by Russ Lema Monday, April 20, 2015 5:51 PM
    Monday, April 20, 2015 5:15 PM

All replies

  • You need to import users from AD as well and synchronize.  Both attributes are reference to a user object.  To rephrase it, user has to come from AD.  You need the DN.

    Nosh Mernacaj, Identity Management Specialist


    • Edited by Nosh Mernacaj Monday, April 20, 2015 5:25 PM
    • Marked as answer by Russ Lema Monday, April 20, 2015 5:51 PM
    Monday, April 20, 2015 5:15 PM
  • Nosh is right, it is because each MA handles references by their own.

    So you should include the users as well and join them to the existing mv objects, but without Attribute flows (just join).

    Or you can include the application OU in the "original" AD MA, which you preferr.

    /Peter


    Peter Stapf - ExpertCircle GmbH - My blog: JustIDM.wordpress.com

    Monday, April 20, 2015 5:50 PM
  • Thanks, I found that out after doing more digging, I am trying to see now, if I just have the users in the CS without having to connect them to the MV if it will work, since they are already provisioned to the MV by a different MA to the same domain. 


    Russell Lema

    Monday, April 20, 2015 5:52 PM