FIM2010–Removing a Pending Deletion from a Datasource

Recently I was working on testing some code with my team and we realized that there were unexpected deletes occurring in the connector space for the Active Directory MA. The problem was these accounts shouldn’t be deleted and therefore, we had to figure out a way to stop these deletes without clearing and reloading the connector spaces of the systems.

The problem is that when an object is slated as a pending deletion export, the connector is changed to an explicit disconnector. Even if you run the MA to reload the object in, the system continues to consider it a pending deletion on the next export run. To prevent the delete from occuring and reattach it to the metaverse entry on which it belongs, the following tasks need to be completed:

  1. Ensure that the metaverse object is still present.
    1. If the object was deleted in the metaverse, you will have to first synchronize the object so the object is present. You may need to turn off provisioning code for this to work properly and you also may just want to use preview to “surgically” add the deleted object back to the metaverse.
    2. If the object was present,  make sure all the data required for joining is present.
  2. Go to the “Joiner” tool and find the object in the explicit disconnectors.
  3. Change the object from an explicit disconnector back to a normal disconnector.
  4. Use preview mode on the disconnector to join it back to the metaverse object. (Note that I do not generally use the joiner tool to perform the join because I like to avoid having explict connectors in my systems.)
  5. Find the metaverse entry for the object using the “Metaverse Search” tool.
  6. Open the properties of the entry and look at the lineage to make sure the previously “disconnected” system is connected.
  7. Double click on the connector space entry that was to be deleted and make sure that it is no longer a pending deletion.

There are a few steps involved but really only steps 2 through 5 are actually fixing the entry. The other steps are preparation and validation. Nothing worse than having administrators complaining because entries were deleted and they had to clean it up. Smile

This entry was posted in Forefront Identity Manager 2010. Bookmark the permalink.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s