none
Get synchronization info from csentry RRS feed

  • Question

  • Hi folk,

    I have a task to get information from csentry object during Full Sync operation:

    1. any error (Export Error tab),

    2. a value of Modification type field (Properties tab).

    This information should be written to custom user attribute.

    I found several fields from Properties and Lineage tabs. For example, object type = user can be get from the code below:

    mventry("custom_attribute").Value = mventry.ConnectedMAs.Item("AD").Connectors.ByIndex(0).ObjectType.ToString
    Please advice is it possible to solve the task using a code and how.

    Friday, January 12, 2018 2:46 PM

Answers

  • Hi Emil-

    You cannot access either of these data points from inside of a rules extension.


    Thanks,
    Brian

    Consulting | Blog | AD Book

    • Marked as answer by Emil Valiev Thursday, January 18, 2018 1:50 PM
    Sunday, January 14, 2018 6:36 PM
    Moderator
  • As Brian, has said, these values can not be accessed via the rule extension code.

    To work out the modification type, you could just compare the attribute in the connector space and metaverse space, and work it out yourself what type of change is occurring.

    It is worth noting for import flow rules, you can only save to a single metaverse attribute, and for export flow rules, you can only save to a single connector space attribute.  So during an export flow rule, you would not be able to write to your custom attribute in the metaverse.

    Their is also nothing stopping you from catching any errors and writing to them to a attribute in the connector space or metaverse, you probably don't want to do this for the connector space though.

    Does this information need to be saved in MIM, could it be saved to a sql database or a log file?  You could always have a separate connector to read that data source in, and join to your object?

    As always,  these suggestions would need full testing before being implemented to make sure they work as intended and do not have to big of an impact on the performance of the solution.

    Ian

    • Marked as answer by Emil Valiev Thursday, January 18, 2018 1:50 PM
    Tuesday, January 16, 2018 8:32 AM

All replies

  • Hi Emil-

    You cannot access either of these data points from inside of a rules extension.


    Thanks,
    Brian

    Consulting | Blog | AD Book

    • Marked as answer by Emil Valiev Thursday, January 18, 2018 1:50 PM
    Sunday, January 14, 2018 6:36 PM
    Moderator
  • Hi Brian,

     

    Thank you for your answer. I mean about this information:

     

    I can receive 'DN', 'Object type' fields values but I don`t know how to get 'Modification type' value.


    Emil Valiev

    Tuesday, January 16, 2018 7:07 AM
  • As Brian, has said, these values can not be accessed via the rule extension code.

    To work out the modification type, you could just compare the attribute in the connector space and metaverse space, and work it out yourself what type of change is occurring.

    It is worth noting for import flow rules, you can only save to a single metaverse attribute, and for export flow rules, you can only save to a single connector space attribute.  So during an export flow rule, you would not be able to write to your custom attribute in the metaverse.

    Their is also nothing stopping you from catching any errors and writing to them to a attribute in the connector space or metaverse, you probably don't want to do this for the connector space though.

    Does this information need to be saved in MIM, could it be saved to a sql database or a log file?  You could always have a separate connector to read that data source in, and join to your object?

    As always,  these suggestions would need full testing before being implemented to make sure they work as intended and do not have to big of an impact on the performance of the solution.

    Ian

    • Marked as answer by Emil Valiev Thursday, January 18, 2018 1:50 PM
    Tuesday, January 16, 2018 8:32 AM
  • Thank you, Ian, for clear explanations.

    There is connector to Service Desk (SD). MIM is received a request from SD (add, change a user) and should sent a result after complete of a request. If there are any errors during processing of request I would like to send an error to SD as csentry data. It`s just one connector both for data and logging.

    There are many attributes flows between connector and metaverse spases - more than 50. I know that it`s possible to compare them to get modification type. But for that I should compare all of 50 attributes...


    Emil Valiev

    Tuesday, January 16, 2018 8:49 AM
  • I think it would be better to look at using a monitoring tool to alert for any errors during the Sync Cycle.  If the monitoring tool detects any errors during the sync cycle, it would then send an email to Service Desk alerting them to the error, which they can fix, and during the next sync cycle it will hopefully work, or generate a different alert email.

    MIM is state based, which means that it will keep trying to create the new user, or make changes until the error is fixed, and it can complete the task as expected.

    Their is a few places issues can occur, and trying to capture them in the code, and write them back to the connector system is not possible, I am thinking of the provisioning code here.

    Going with an external tool to monitor the errors will simplify the code you need to write, prevent any issues with performance, and make the solution easier to support.

    Ian

    Tuesday, January 16, 2018 10:00 AM
  • I have found a workaround using PowerShell (which is added to Extension code) and "MIIS_CSObject" class. It`s enough to resolve a particular case - check whether object is created in external system or not (only to explore objects with modification type = "add").

    Emil Valiev

    Thursday, January 18, 2018 1:55 PM
  • I have found a workaround using PowerShell (which is added to Extension code) and "MIIS_CSObject" class. It`s enough to resolve a particular case - check whether object is created in external system or not (only to explore objects with modification type = "add").

    Emil Valiev

    Emil-

    Unfortunately you run a high risk that you will cause SQL deadlocks doing this from your rules extension, so I would not recommend it.

    If you are going to make WMI calls, the System.Management namespace has the relevant classes so you don't have to layer in a PowerShell call.


    Thanks,
    Brian

    Consulting | Blog | AD Book

    Thursday, January 18, 2018 3:54 PM
    Moderator