none
MIM - Object Already Exists in Management Agent RRS feed

  • Question

  • We are currently migrating our student account provisioning from ILM to MIM, but I am running into an issue when trying to run a Full Sync on our SQL MA.  The only other MA is our AD MA.  I'm getting a provisioning error through our MV extension DLL saying that:

    Microsoft.MetadirectoryServices.ObjectAlreadyExistsException: An object with DN "CN=Student Name,OU=2023,OU=BR,OU=Secondary Schools,OU=Students,OU=User Accounts,DC=our,DC=domain" already exists in management agent "Student_AD".
       at Microsoft.MetadirectoryServices.Impl.ConnectorImpl.Commit()
       at Mms_Metaverse.MVExtensionObject.Microsoft.MetadirectoryServices.IMVSynchronization.Provision(MVEntry mventry) in \\fim\c$\MIMRulesExtensions\MVExtension\MVExtension.cs:line 51
    Line 51 is: csentry.CommitNewConnector(); from the code below.

     void IMVSynchronization.Provision (MVEntry mventry)
            {			
                if ((mventry["employeeType"].Value == "Students") && (mventry["ou"].Value == "SECONDARY SCHOOLS"))
                {
                    ConnectedMA StudentAD;
                    CSEntry csentry;
                    ReferenceValue dn;
    
                    StudentAD = mventry.ConnectedMAs["Student_AD"];
    
                    //Sets DN to "CN=[cn],OU=[division],OU=[location],OU=Secondary Schools,OU=Students,OU=UserAccounts,DC=our,DC=domain"
                    dn = StudentAD.EscapeDNComponent("CN=" + mventry["cn"].Value).Concat("OU=" + mventry["division"].Value).Concat("OU=" + mventry["location"].Value).Concat("OU=SECONDARY SCHOOLS,OU=Students,OU=User Accounts,DC=our,DC=domain");
    
                    if (StudentAD.Connectors.Count == 0)
                    {
                        csentry = StudentAD.Connectors.StartNewConnector("user");
                        csentry.DN = dn;
                        csentry.CommitNewConnector();
                    }
    
                    else if (StudentAD.Connectors.Count == 1)
                    {
                        csentry = StudentAD.Connectors.ByIndex[0];
                        csentry.DN = dn;
                    }
    
                    else
                    {
                        string ExceptionMessage;
                        ExceptionMessage = "Multiple Connectors on Management Agent";
                        throw new UnexpectedDataException(ExceptionMessage);
                    }
                }
            }	

    I'm certainly no expert, but it seems to me like it's getting into the wrong if statement, when it should see the connector in the Student_AD MA and try to connect with that.

    I've adapted this code from our MV extension for ILM (which was written in VB) and it looks the same to me, just not sure what's going wrong.  Here's the original code:

     If mventry("o").Value = "Students" And mventry("description").Value = "SECONDARY SCHOOLS" Then
                    Dim stuMA As ConnectedMA
                    Dim csentry As CSEntry
                    Dim dn As ReferenceValue
                    stuMA = mventry.ConnectedMAs("Admin_AD")
                    ' Construct the distinguished name 
                    dn = stuMA.EscapeDNComponent("CN=" + _
            mventry("cn").Value).Concat("ou=" + _
            mventry("division").Value).Concat("ou=Users").Concat("ou=" + _
            mventry("l").Value).Concat("ou=" + _
            mventry("description").Value).Concat("dc=student,dc=our,dc=domain")
                    If stuMA.Connectors.Count = 0 Then
                        csentry = stuMA.Connectors.StartNewConnector("user")
                        csentry.DN = dn
                        csentry.CommitNewConnector()
                    ElseIf stuMA.Connectors.Count = 1 Then
                        ' Get the first connector and assign a new DN.
                        csentry = stuMA.Connectors.ByIndex(0)
                        csentry.DN = dn

    Anyone have any advice?

    Saturday, May 7, 2016 8:10 PM

Answers

  • So I was able to get this going by deleting the AD MA connector space, turning off my Provision Rules extension, doing a Full Import on both the SQL and AD MAs, running a Full Sync on the SQL MA, and then a Full Sync on the AD MA.  I re-enabled the Provision Rules and re-ran both syncs.  This allowed the SQL MA to provision user objects into the MV without considering the AD MAs contents.  Then, the AD MA saw objects to join to based on uid.

    • Edited by RageSto Sunday, May 8, 2016 6:18 AM
    • Marked as answer by RageSto Friday, May 13, 2016 1:28 PM
    Sunday, May 8, 2016 6:17 AM

All replies

  • So I was able to get this going by deleting the AD MA connector space, turning off my Provision Rules extension, doing a Full Import on both the SQL and AD MAs, running a Full Sync on the SQL MA, and then a Full Sync on the AD MA.  I re-enabled the Provision Rules and re-ran both syncs.  This allowed the SQL MA to provision user objects into the MV without considering the AD MAs contents.  Then, the AD MA saw objects to join to based on uid.

    • Edited by RageSto Sunday, May 8, 2016 6:18 AM
    • Marked as answer by RageSto Friday, May 13, 2016 1:28 PM
    Sunday, May 8, 2016 6:17 AM
  • So I was able to get this going by deleting the AD MA connector space, turning off my Provision Rules extension, doing a Full Import on both the SQL and AD MAs, running a Full Sync on the SQL MA, and then a Full Sync on the AD MA.  I re-enabled the Provision Rules and re-ran both syncs.  This allowed the SQL MA to provision user objects into the MV without considering the AD MAs contents.  Then, the AD MA saw objects to join to based on uid.

    That's the way you should proceed - first sync with provisioning disabled - to allow objects to join each other. After such synchronization you can enable provisioning back to have new objects propagated.

    If you found my post helpful, please give it a Helpful vote. If it answered your question, remember to mark it as an Answer.

    Sunday, May 8, 2016 6:47 PM