FIM how to rename the anchor in SQL MA


I'm doing a FIM 2010R2 sync engine project where I'm importing AD user into FIM and exporting some info to a SQL table. I have written the provisioning code and it works fine.

Here is my target SQL table.

CREATE TABLE [dbo].[tbl_FGPP_Members](
    [MemberObjectGUID] [varbinary](50) NULL,
    [MemberDN] [nvarchar](255) NOT NULL,
    [MemberObjectType] [nvarchar](10) NOT NULL,
    [Member_ADDomain] [nvarchar](16) NULL,
    [Member_sAMAccountName] [nvarchar](64) NULL
) ON [PRIMARY]

On the FIM management agent for SQL, I have set MemberDN as the anchor, which means I can only write to it from provisioning code and cannot flow the distinguishedName from the AD user to it directly.

However, after the AD user information ends up in SQL, if that AD user is renamed or moved in AD, its distinguishedName changes. When I reimport those changes, I want FIM to be able to update the MemberDN column. Since I can't have a flow rule for this (as it says MemberDN is read-only), I tried doing the following from the provisioning code when I meet the following condition for the mvobject.

    if (sqlFGPPUser.Connectors.Count == 1)
    {
        updateFGPPUsersInSQL(mventry, sqlFGPPUser);
    }

The function is:

    void updateFGPPUsersInSQL(MVEntry mventry, ConnectedMA sqlFGPPUser)
    {
        CSEntry csentry;
        ReferenceValue dn;

        // The single connector in the SQL MA for this metaverse object.
        csentry = sqlFGPPUser.Connectors.ByIndex[0];
        // Build the new DN from the AD distinguishedName held in the metaverse.
        dn = sqlFGPPUser.EscapeDNComponent(mventry["ADdistinguishedName"].Value);

        // Only attempt the rename when the DN in the connector space differs
        // from the current AD value (case-insensitive compare).
        if (mventry["ADdistinguishedName"].Value.ToLower() != csentry.DN.ToString().ToLower())
        {
            try
            {
                // Assigning the DN on a SQL MA connector rewrites its anchor (MemberDN),
                // which is read-only after the object has been created.
                csentry.DN = dn;
            }
            catch (Exception Ex)
            {
                throw new Exception("Exception Message: Exception encountered while renaming the MemberDN " + Ex.Message);
            }
        }
    }

Basically what I'm doing is checking to see if a rename has happened, or else it will run every time for every mvobject when running the sync run profile.

However, I get an error when I run it. For the users which were renamed/moved in AD, I import those changes and when I run the sync I get:

System.Exception: Exception Message: Exception encountered while renaming the MemberDN attribute MemberDN is read-only
    at Mms_Metaverse.MVExtensionObject.updateFGPPUsersInSQL(MVEntry& mventry, ConnectedMA& sqlFGPPUser) in D:\FIM C# Code\FGPP100\FGPP100\MVExtension\MVExtension.cs:line 526
    at Mms_Metaverse.MVExtensionObject.Microsoft.MetadirectoryServices.IMVSynchronization.Provision(MVEntry mventry) in D:\FIM C# Code\FGPP100\FGPP100\MVExtension\MVExtension.cs:line 566

How can I update the MemberDN column with updated AdDistinguishedName? :(

Thank you. GT
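The error above is the expected behaviour of a sync-engine anchor: the anchor identifies the connector space object and is written once, at creation, so any value that can change (a DN that follows renames and moves) is a poor choice for it. The following is an added example, not the asker's code or anything from the FIM product, showing the usual alternative: anchor the SQL MA on the stable AD objectGUID (the existing MemberObjectGUID column) and treat MemberDN as an ordinary attribute that can be updated. It assumes the SQL MA's anchor has been changed to MemberObjectGUID, that the metaverse carries the AD objectGUID as a binary attribute named ADobjectGUID alongside ADdistinguishedName, and that the MA is named "SQL FGPP MA" with object type "tbl_FGPP_Members"; those names are placeholders.

```csharp
// Added example (not the original post's code). Assumes: SQL MA anchor = MemberObjectGUID,
// metaverse attributes ADobjectGUID (binary) and ADdistinguishedName (string),
// MA name "SQL FGPP MA" and object type "tbl_FGPP_Members" (all assumed names).
using System;
using Microsoft.MetadirectoryServices;

public class MVExtensionObject : IMVSynchronization
{
    const string SqlMaName = "SQL FGPP MA";          // assumed MA display name
    const string SqlObjectType = "tbl_FGPP_Members"; // assumed CS object type

    public void Initialize() { }
    public void Terminate() { }
    public bool ShouldDeleteFromMV(CSEntry csentry, MVEntry mventry) { return false; }

    public void Provision(MVEntry mventry)
    {
        // A row can only be keyed and described if both values are present in the metaverse.
        if (!mventry["ADobjectGUID"].IsPresent || !mventry["ADdistinguishedName"].IsPresent)
            return;

        ConnectedMA sqlMa = mventry.ConnectedMAs[SqlMaName];

        if (sqlMa.Connectors.Count == 0)
        {
            // New user: the anchor (MemberObjectGUID) is set exactly once here; the
            // connector space DN is derived from it and never needs to change again.
            CSEntry csentry = sqlMa.Connectors.StartNewConnector(SqlObjectType);
            csentry["MemberObjectGUID"].BinaryValue = mventry["ADobjectGUID"].BinaryValue;
            csentry["MemberDN"].Value = mventry["ADdistinguishedName"].Value; // column is NOT NULL
            csentry["MemberObjectType"].Value = "user";
            csentry.CommitNewConnector();
            return;
        }

        if (sqlMa.Connectors.Count == 1)
        {
            // Existing user: MemberDN is now a plain attribute, so a rename or move in AD
            // is pushed as an attribute update rather than an anchor change. The same
            // result is normally achieved with an export attribute flow rule
            // ADdistinguishedName -> MemberDN on the MA; this shows the code path.
            CSEntry csentry = sqlMa.Connectors.ByIndex[0];
            string newDn = mventry["ADdistinguishedName"].Value;
            bool unchanged = csentry["MemberDN"].IsPresent &&
                             string.Equals(csentry["MemberDN"].Value, newDn,
                                           StringComparison.OrdinalIgnoreCase);
            if (!unchanged)
                csentry["MemberDN"].Value = newDn;
        }
    }
}
```

With the anchor on MemberObjectGUID, the existing rows need their anchor populated before the MA is re-imported (a full import will otherwise treat them as new objects), and the compare-before-write keeps every sync run from staging a no-op export for every user, which was the concern in the original condition check.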


There are 0 answers