none
FIM outbound synchronization rule RRS feed

  • Question

  • Hi i am new to FIM and i am trying to understand the outbound sync.

    I am trying to provision a security group from FIM to active directory, when i make the OSR to be applicable to all metaverses thigns are working fine.

    However when I amt trying to to make synchronization works with sync rule, worflows,MPR, Set the security group is only created in the metaverse and does not move to the AD.

    Almost the same sync. rule is configured

    the workflow is configured with the sync rule

    the MPR is configured with transition in equal to all sets and groups.

    As per my understanding if any secuirty group is created in the "all sets and group" set the MPR shall be triggered and the security group shall be exported to the AD but it is not.

    Moreover I can notice that a new ERE is created in the MV with the synchronization rule status is pending.

     Your support is appreciated and thanks in advance

    Sunday, February 18, 2018 7:52 PM

All replies

  • Hi Najwan10,

    Start from this article.

    Do you specify group type and group scope?


    Emil Valiev


    • Edited by Emil Valiev Wednesday, February 21, 2018 7:09 AM
    Wednesday, February 21, 2018 7:06 AM
  • Hi Emil,

    in the FIMMA i am configuring it to import the group type and the group scope and i can see these two values are populated in the MV.

    in the outbound sync rule i am specifying the below outbound flow:

    source: accountName destination: SamAccountName
    source: ManagedBy   destination: DisplayedOwner
    source: displayname destination: Displayname
    source: member      destination: member

    Source :CustomExpression
    IIF(Eq(type,"Distribution"),IIF(Eq(scope,"Universal"),8, IIF(Eq(scope,"Global"),2,4)), IIF(Eq(scope,"Universal"),-2147483640, IIF(Eq(scope,"Global"),-2147483646,-2147483644)))
    Destination: group type

    source: "CN="+displayName+",OU=FIM-HQ,DC=Yenbou,DC=local" Destination: DN (Initial flow)

    And the once i create the security group in the FIM it is projected in MV but not provisioned in the AD however when creating the same above sync. rule and apply it to all MV objects instead of using WF and MPR things are working fine.

    Can you please help to figure out this issue and thanks a lot.

    ----------------- 

    Regards,

    Najwan.

    Wednesday, February 21, 2018 9:05 AM

    • Edited by Najwan10 Wednesday, February 21, 2018 9:15 AM you can refer to this screenshot for more information about the ERE
    Wednesday, February 21, 2018 9:14 AM
  • Outbound Sync Rule in MIM Portal:

    Export Attribute Flow in AD MA:

    Also make sure that ADMA service account has permissions to create a group in AD OU.


    Emil Valiev

    Wednesday, February 21, 2018 9:40 AM
  • Hi Emil

    Thanks again just I want to inform you that i configured the same parameters but still not working and note that my synchronization rule is working and creating groups in the AD when it is applicable to MV objects however it stops working when I use workflows MPR and sets.

    ------------- 

    Regards,

    Najwan.

    Wednesday, February 21, 2018 7:00 PM
  • Hi Najwan,

    Do you mean that your Sync Rule is configured as below? And it works when you change Apply rule to the second point, doesn`t it?

    Check your configuration triple (workflow+MPR+set). I guess that the problem with it.


    Emil Valiev

    Wednesday, February 28, 2018 12:08 PM
  • Najwan says he sees the ERE created with a status of pending so the MPR (set, WF) triple would seem to be ok. It must be the sync rule itself. 

    I would use the Sync Service Manager to run a preview on the object in the MIM MA connector space and see what happens. You will see more details.


    David Lundell, Get your copy of FIM Best Practices Volume 1 http://blog.ilmbestpractices.com/2010/08/book-is-here-fim-best-practices-volume.html

    Friday, March 16, 2018 7:58 PM
  • Why have you got attribute flows in the MA?  If you have attribute flows in the sync rule you don't need them in the MA as well
    Wednesday, March 21, 2018 4:19 PM
  • Najwan,

    Could you run a sync preview on the object in question and show us the results?


    David Lundell, Get your copy of FIM Best Practices Volume 1 http://blog.ilmbestpractices.com/2010/08/book-is-here-fim-best-practices-volume.html

    Friday, March 23, 2018 9:33 PM