FIM2010–Sync Engine Oddities

The other day I was working with a coworker and doing some previews of objects that were going through a change of state. The state change from the data source involves a new record being added and an old record being deleted. So it has a pretty major impact because the anchor changes with a delete that wants to remove a metaverse object and an add that wants to project a new object.

In the code, there is a defined connector filter that checks to see if the object is connected or not, and if it is not, see if there is an object with the same account name present in the metaverse. The join rules allow the entries to join on the account name values so if one is disconnected, it can be rejoined (convergence strategy).

On the import, the first record was deleted and the second record was added. The records had the same account name information. The preview of the added record makes it by the connector filter, but fails on the join rule because of ambiguous attribute flows. This would indicate that the metaverse search that was run in the connector filter did not find the entry that the join rules did. Was this because the object in the CS was deleted on the import? If so, why did the join rule find the entry and try to join?

This led me further down the path of running a synchronization. Unlike the import of the data in a text-based MA, the synchronization processed the deletions first. So in this case, the added entry projected because the MVObjectDeletion rules took the object out of the system. (Admittedly, this was undesired behavior as well but something that is being mitigated by some modifications to how the MVObjectDeletion rule operates, but it does illustrate how the preview function may provide false negatives on an action because an operation that would happen beforehand during normal operations has not been executed).

Long story short, preview is a tool. It is not infallible and does require that you review how the objects are processed. Errors in the tool may or may not be reflected through normal synchronization processes.

Advertisements
This entry was posted in Forefront Identity Manager 2010. Bookmark the permalink.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s