The objective of the FIM synchronization service is to manage the distributed identity data in your external systems according to the configuration of your synchronization rules.
For a complete overview of how the FIM synchronization service works and how to configure it, see Understanding Data Synchronization with External Systems.
The activities of the FIM synchronization service are initiated by run profiles.
During the run of a synchronization run profile, the Synchronization Service Manager user interface might report error codes such as “sync-rule-flow-provisioning-failed”.
The following illustration shows an example of this:
The call stack information of a synchronization error might indicate that an object does not have a parent object in the connector space of a management agent. The following illustration shows an example of this:
In a typical FIM solution, some external systems such as AD DS have a hierarchical structure.
However, the connector space namespace is flat.
In order to verify the validity of hierarchical attributes such as the DN of an object in AD DS, all components of the related hierarchy must exist in the connector space of a hierarchical data source.
The following picture shows an example of this:
In other words, if your provisioning logic tries to create a new connector with the DN value of CN=Britta Simon,OU=FIMObjects,DC=fabrikam,DC=com, connector space objects must exist for OU=FIMObjects, DC=fabrikam and DC=com.
The related objects are staged in a connector space during an import operation on the related management agent, according to the partition and container configuration in the Management Agent Designer:
To fix this issue, you need to determine the cause of the DN problem.
The most common cases are:
Missing hierarchy objects - to get the related objects staged in a connector space, you need to make sure that you have imported them from your data source by running an import.
Prior to running the import, you should also verify whether all required containers and partitions are selected in the management agent's configuration.
Incorrect DN value - the actual value for the DN of a newly provisioned object must be calculated in the related outbound synchronization rule.
You should verify whether your synchronization rule calculates the right value for the DN.
It is possible that the error is caused by a simple typo in the DN calculation formula.
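One way to check for both causes before a run, as an added example that is not part of the original article: given the DN your outbound synchronization rule calculates and a list of DNs already staged in the connector space, the PowerShell below reports which parent objects are missing. The function names, the sample DN list, the second (misspelled) target DN and the choice to stop the walk at the partition root DN you pass in are assumptions of this example.

```powershell
# Added example, not from the original page. Names and sample data are constructed.
function Split-Dn {
    # Split a DN into RDNs on unescaped commas (a backslash escapes the next character).
    param([Parameter(Mandatory=$true)][string]$Dn)
    $rdns = New-Object 'System.Collections.Generic.List[string]'
    $current = New-Object System.Text.StringBuilder
    $escaped = $false
    foreach ($ch in $Dn.ToCharArray()) {
        if ($escaped) { [void]$current.Append($ch); $escaped = $false }
        elseif ($ch -eq '\') { [void]$current.Append($ch); $escaped = $true }
        elseif ($ch -eq ',') { $rdns.Add($current.ToString().Trim()); [void]$current.Clear() }
        else { [void]$current.Append($ch) }
    }
    $rdns.Add($current.ToString().Trim())
    return ,$rdns.ToArray()
}

function Get-MissingParentDn {
    param(
        [Parameter(Mandatory=$true)][string]$TargetDn,     # DN calculated by the sync rule
        [Parameter(Mandatory=$true)][string[]]$StagedDn,   # DNs already in the connector space
        [Parameter(Mandatory=$true)][string]$PartitionDn   # assumed top of the hierarchy to check
    )
    # Hashtable keys are case-insensitive, which matches DN comparison in AD DS.
    $known = @{}
    foreach ($dn in $StagedDn) { $known[((Split-Dn $dn) -join ',')] = $true }

    $rdns = Split-Dn $TargetDn
    $partition = (Split-Dn $PartitionDn) -join ','
    $missing = @()
    # Walk from the direct parent upwards and record every ancestor that is not staged.
    for ($i = 1; $i -lt $rdns.Count; $i++) {
        $ancestor = $rdns[$i..($rdns.Count - 1)] -join ','
        if (-not $known.ContainsKey($ancestor)) { $missing += $ancestor }
        if ($ancestor -eq $partition) { break }
    }
    return $missing
}

# Constructed sample: two staged hierarchy objects, one correct DN and one with a typo.
$staged = @('DC=fabrikam,DC=com', 'OU=FIMObjects,DC=fabrikam,DC=com')
foreach ($dn in 'CN=Britta Simon,OU=FIMObjects,DC=fabrikam,DC=com',
                'CN=Britta Simon,OU=FIMObject,DC=fabrikam,DC=com') {
    $missing = Get-MissingParentDn -TargetDn $dn -StagedDn $staged -PartitionDn 'DC=fabrikam,DC=com'
    if ($missing) { '{0}: missing parent(s): {1}' -f $dn, ($missing -join '; ') }
    else { '{0}: all parents staged' -f $dn }
}
```

A missing parent whose DN differs from a staged container by only a character or two points to a typo in the DN calculation rather than to a missing import.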