FIM Extension question regarding multiple WAAD connectors

  • Question

  • Hi.

    I've been having some issues with configuring FIM Synchronization Service for use with Single forest/domain, and multiple Office365/Azure tenants.

    I've used this as my base and modified slightly some filters and attribute flows (mainly from local AD to Metaverse), and filters on the WAAD so that no user is synced twice or into the wrong WAAD.
    Link to reference: https://msdn.microsoft.com/en-us/library/dn511002(v=ws.10).aspx

    So to the question (or issue) at hand.
    I can't for the life of me figure out what I need to change to sync into multiple tenants. Some users (for a single tenant) are synced to the metaverse, but the others are not. I understand why they won't work, mostly because of this code in the extension, that is telling the extension to what MA it should connect to. If I change the name, other users will sync.

    Any suggestion as to how I can rewrite this code to support more MA Connectors?

    ConnectedMA ma = mvEntry.ConnectedMAs["Windows Azure Active Directory"];

    // Provision a new connector if none exist
    if (ma.Connectors.Count == 0)
    {
        try
        {
            // Construct the Source Anchor for the new CSEntry
            String sourceAnchor = mvEntry["sourceAnchor"].StringValue; // RulesCommon.ContructSourceAnchor(mvEntry);

            // Determine the type of object to provision to Office365
            Office365ObjectType office365ObjectType = GetOffice365ObjectType(mvEntry);

            // Create a new connector.
            CSEntry cs = ma.Connectors.StartNewConnector(office365ObjectType.ToString());

            // Create the RDN string
            // String rdn = Microsoft.Online.DirSync.Extension.Utilities.DNEncoding.StringToSafeRdn(sourceAnchor);

            // Set the DN
            cs.DN = ma.EscapeDNComponent(mvEntry["sourceAnchor"].StringValue);

            // One-Time EAF Attributes
            cs["SourceAnchor"].StringValue = sourceAnchor;

            // Commit the Connector
            cs.CommitNewConnector();
        }
        catch (ObjectAlreadyExistsException)
        {
            // If we hit this exception it means we have tried to create a CSEntry:
            //   1. With a duplicate RDN
            //   AND
            //   2. In the same container as the duplicate
            // In this case the exception is ignored.
            // On the next sync run the TargetWebServiceMA should resolve this by joining to the MV object
        }
    }

    Thanks

    Harald

    Wednesday, October 28, 2015 8:08 AM
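
One way to route each metaverse object to exactly one tenant's MA instead of a hard-coded MA name, as an added example that is not part of the original post or of Microsoft's reference extension. The `targetTenant` metaverse attribute, the tenant keys and the two MA names are assumptions; `csObjectType` stands for the value the post's code obtains from `GetOffice365ObjectType(mvEntry).ToString()`.

```csharp
using System;
using System.Collections.Generic;
using Microsoft.MetadirectoryServices;

public static class MultiTenantProvisioning
{
    // Assumption: keys are values of a hypothetical metaverse attribute
    // "targetTenant" (it must exist in the metaverse schema); values are the
    // WAAD management agent names exactly as configured in FIM.
    private static readonly Dictionary<string, string> TenantToMa =
        new Dictionary<string, string>(StringComparer.OrdinalIgnoreCase)
        {
            { "tenantA", "Windows Azure Active Directory - Tenant A" },
            { "tenantB", "Windows Azure Active Directory - Tenant B" }
        };

    // Call from the Provision method in place of the hard-coded MA lookup.
    public static void ProvisionToTenant(MVEntry mvEntry, string csObjectType)
    {
        // No tenant marker or no anchor: provision nowhere rather than guess.
        if (!mvEntry["targetTenant"].IsPresent || !mvEntry["sourceAnchor"].IsPresent)
            return;

        string maName;
        if (!TenantToMa.TryGetValue(mvEntry["targetTenant"].StringValue, out maName))
            return; // Unknown tenant value: fail closed, never fall back to a default tenant.

        ConnectedMA ma = mvEntry.ConnectedMAs[maName];
        if (ma.Connectors.Count != 0)
            return; // Already has a connector in the intended tenant.

        string sourceAnchor = mvEntry["sourceAnchor"].StringValue;
        try
        {
            CSEntry cs = ma.Connectors.StartNewConnector(csObjectType);
            cs.DN = ma.EscapeDNComponent(sourceAnchor);
            cs["SourceAnchor"].StringValue = sourceAnchor; // one-time attribute, as in the post
            cs.CommitNewConnector();
        }
        catch (ObjectAlreadyExistsException)
        {
            // Same handling as the post's snippet: the next sync run joins the object.
        }
    }
}
```

Because only the MA selected by the lookup is ever touched, a user cannot be provisioned into two tenants by this code path, which complements the connector filters mentioned in the post.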