none
full sync and delta sync error. user not provisioned RRS feed

  • Question

  • hello,

    every time  i want to sync initiate a full sync i have below error:

    Microsoft.MetadirectoryServices.FunctionEvaluationException: Error encountered during evaluation of Sync Rule: 'AD Users Outbound'. Details: Object reference not set to an instance of an object.
       at Microsoft.MetadirectoryServices.FunctionLibrary.AttributeFlowMappingHandler.ExecuteOutboundTransformation(CSEntry csentry, MVEntry mventry, String strSyncRuleGuid, String xmlExpression, String workflowParameterTypes, String workflowParameterValues)

    I looked at so many links but my sync rule seems to be ok! here is a screen shot of my sync rule:

    Sunday, January 31, 2016 11:55 AM

Answers

  • Please make sure that you have displayName attribute filled in Metaverse.

    This error is a common one (and doesn't say anything...), but one of the causes is empty attribute used for calculations. In your case you calculate DN attribute using DisplayName. Could you confirm that DisplayName is filled in Metaverse?


    If you found my post helpful, please give it a Helpful vote. If it answered your question, remember to mark it as an Answer.

    • Marked as answer by MatCollins Tuesday, February 2, 2016 6:53 AM
    Sunday, January 31, 2016 1:04 PM
  • Hello,

    Synchronization Rules must first be imported and synced to the MV.

    So you Need to do an Delta Import and Delta Sync to have the changed SyncRule in MV, after that it can do it's work.

    /Peter


    Peter Stapf - ExpertCircle GmbH - My blog: JustIDM.wordpress.com

    • Marked as answer by MatCollins Tuesday, February 2, 2016 6:53 AM
    Monday, February 1, 2016 2:54 PM

All replies

  • Please make sure that you have displayName attribute filled in Metaverse.

    This error is a common one (and doesn't say anything...), but one of the causes is empty attribute used for calculations. In your case you calculate DN attribute using DisplayName. Could you confirm that DisplayName is filled in Metaverse?


    If you found my post helpful, please give it a Helpful vote. If it answered your question, remember to mark it as an Answer.

    • Marked as answer by MatCollins Tuesday, February 2, 2016 6:53 AM
    Sunday, January 31, 2016 1:04 PM

  • This error is a common one (and doesn't say anything...), but one of the causes is empty attribute used for calculations. In your case you calculate DN attribute using DisplayName. Could you confirm that DisplayName is filled in Metaverse?

    well i have never heard of that. i suspect it should be the problem.

    can you guide how do i can check that? i have selected displayname both in FIM MA and AD MA as attributes if you mean that

    I believe displayname is present: 



    • Edited by MatCollins Sunday, January 31, 2016 1:15 PM
    Sunday, January 31, 2016 1:06 PM
  • Ok from the screen I am sure that you DON'T have displayName in metaverse. Please navigate to "Management Agents" view, select agent that is connected to FIM (I don't know what is the name in your environment). Then enter its properties and in "Configure attribute flow" select a new import flow from object Person to object person (in Metaverse) of attribute displayName to displayName.

    Please take a look at the following article:

    How Do I Provision Users to AD DS


    If you found my post helpful, please give it a Helpful vote. If it answered your question, remember to mark it as an Answer.

    Sunday, January 31, 2016 4:09 PM
  • thank you dominik for your help. the error has gone at the moment. :)

    however another error showed up for dn:

    Microsoft.MetadirectoryServices.FunctionEvaluationException: Error encountered during evaluation of Sync Rule: 'AD Users Outbound'. Details: DN "CN=J.doe,OU=Managed,DC=Contoso,DC=com," is not valid.
       at Microsoft.MetadirectoryServices.FunctionLibrary.AttributeFlowMappingHandler.ExecuteOutboundTransformation(CSEntry csentry, MVEntry mventry, String strSyncRuleGuid, String xmlExpression, String workflowParameterTypes, String workflowParameterValues)

    for now since the dn is problematic i guees i need to change sth. the dn is correct 100% sure. should not i create the attributes flow from MV to AD too? in the article you shared there was no information about it.

    I suspect my dn is converted somehow which is not understandable by FIM because at the end of the strin there is a , symbol:

    "CN=J.doe,OU=Managed,DC=Contoso,DC=com,

    this is my DN flow in my Outbound AD:


    • Edited by MatCollins Monday, February 1, 2016 6:17 AM
    Monday, February 1, 2016 6:15 AM
  • Please check in Management Agents view, in AD agent properties, in "Configure Directory Partitions" under "Containers" Button if OU=Managed is selected.
    Moreover, please try to join strings in function:
    +("CN=",displayName,",OU=Managed,DC=Contoso,DC=com")

    instead of doing it one by one.

    Or maybe even:

    +(EscapeDNComponent("CN="+displayName),",OU=Managed,DC=Contoso,DC=com")

    to make sure there are no unacceptable characters


    If you found my post helpful, please give it a Helpful vote. If it answered your question, remember to mark it as an Answer.

    Monday, February 1, 2016 7:03 AM

  • +("CN=",displayName,",OU=Managed,DC=Contoso,DC=com")

    are thos +( considered as string? because I want to concatenate them to the DN. 

    OU Managed is selected in AD MA.

    thanx

    Monday, February 1, 2016 7:19 AM
  • +("something1","something2")

    would concatenate strings something1 and something2

    in case displayName is "Admin123"

    +("CN=",displayName,",OU=Managed,DC=Contoso,DC=com")

    the result would be "CN=Admin123,OU=Managed,DC=Contoso,DC=com"


    If you found my post helpful, please give it a Helpful vote. If it answered your question, remember to mark it as an Answer.

    Monday, February 1, 2016 7:27 AM
  • yes but I meant how to concatenate those to my dn?

    look below plz:

    the result is like this which I assume is not correct:

    sorry for my silly questions. i am a noob fim self studier :)

    Monday, February 1, 2016 7:48 AM
  • Ah, sorry, you have to delete three "String" sections and instead, from drop-down select "function",

    So you would have something like


    If you found my post helpful, please give it a Helpful vote. If it answered your question, remember to mark it as an Answer.

    Monday, February 1, 2016 8:41 AM
  • Ah, sorry, you have to delete three "String" sections and instead, from drop-down select "function",

    thanx for all your post. they are all helpful :)

    my function is totally different than yours: o.O

    however i tried EscapeDN function as below:

    do i need to do a refresh or something? cause after changing that it again tries to connect to OU=Managed,DC=contoso,DC=com, 

    this is now:

    that goddamn + is the problem. oui? :)

    • Edited by MatCollins Monday, February 1, 2016 8:58 AM
    Monday, February 1, 2016 8:53 AM
  • Sorry, my bad, It shouldn't be Function, but CustomExpression :)

    If you found my post helpful, please give it a Helpful vote. If it answered your question, remember to mark it as an Answer.

    Monday, February 1, 2016 10:02 AM
  • I do not have any conditions here, so i guess it is not possible to create a customexpression. look:

    one question:

    when i change the configuration of an AD synchronization rule in portal, do i have to refresh schema or do sth else to refresh those new settings? i immediately run a full sync after changing this configurations, or should i do before.

    ?

    merci

    Monday, February 1, 2016 10:36 AM
  • Hello,

    Synchronization Rules must first be imported and synced to the MV.

    So you Need to do an Delta Import and Delta Sync to have the changed SyncRule in MV, after that it can do it's work.

    /Peter


    Peter Stapf - ExpertCircle GmbH - My blog: JustIDM.wordpress.com

    • Marked as answer by MatCollins Tuesday, February 2, 2016 6:53 AM
    Monday, February 1, 2016 2:54 PM
  • Hello,

    Synchronization Rules must first be imported and synced to the MV.

    So you Need to do an Delta Import and Delta Sync to have the changed SyncRule in MV, after that it can do it's work.

    /Peter

    I though I posted such answer but apparently I haven't.

    Just to add to Peter's answer: if you won't import new sync rule from FIM (invoking any import - delta or full - on the agent), new sync rule wouldn't be considered by metaverse and each sync would operate using old Sync Rule. So yes - you have to invoke import and then sync on FIM Service MA.


    If you found my post helpful, please give it a Helpful vote. If it answered your question, remember to mark it as an Answer.

    Monday, February 1, 2016 3:32 PM
  • thanx for now.

    since the original problem was adding displayname to MV, for now the problem has solved. but I have some problems using custom expression for my dn attribute which i will create it in a new thread.

    thank you all.

    Tuesday, February 2, 2016 6:53 AM