Discussion:
Provisioning with Rules Extention doesn't work, need help on my code maybe!
(too old to reply)
Oliver
2005-06-07 06:33:28 UTC
Permalink
I am working on a project that does account provision / password sync
from domain1 (here a 'company.net') to domain2 (here:test.net) and both are
AD 2003 domains.

see my drawing for a quick graphical view
Loading Image...

I managed to import Users and Groups to the Metaverse with Management Agent
A.
The Import of additional userdate from Oracle wiht Management Agent B should
be done later.
Now I want to provision the Users/Groups from Metaverse to the Connector
Space.

In relation to the "Simple Account Provisioning"-Scenario from Microsoft, i
hacked code so far (which is at the end of this posting)
I compiled with F5 and put the MyProvision.dll in the <extensions>-folder.
In Identity Manager, I picked my dll for "Metaverse rule extension".

Q:
1. Does my code contains some obvious errors?

2. When does the metaverse extenstion proceeds? (may be a silly questions
but I am not really sure, if the extenstions is running)

3. What else must I probably to do make this Provisioning work? How must
Management Agent C look like (e.g. Run Profile Sync or Export?)

Thanks in advance,
Regards,
Oliver


----------------MY CODE---------------------

Imports Microsoft.MetadirectoryServices
Imports System.Xml

Public Class MyProvision
Implements IMVSynchronization

Public Sub Initialize() Implements
Microsoft.MetadirectoryServices.IMVSynchronization.Initialize
End Sub

Public Sub Provision(ByVal mventry As MVEntry) Implements
IMVSynchronization.Provision

' Get the number of connectors for this MVEntry object under
' this management agent
Dim ManagementAgent As ConnectedMA
Dim Connectors As Integer
Dim newCSEntry As CSEntry
Dim DN As ReferenceValue

Connectors = ManagementAgent.Connectors.Count
DN =
ManagementAgent.EscapeDNComponent(System.Guid.NewGuid().ToString)

If 0 = Connectors Then
' Create the new connector
newCSEntry =
ManagementAgent.Connectors.StartNewConnector("person")

' Assign the distinguished name
newCSEntry.DN = DN

' Finish creating the new connector
newCSEntry.CommitNewConnector()

ElseIf 1 = Connectors Then
' Assign the distinguished name using the existing connector
newCSEntry = ManagementAgent.Connectors.ByIndex(0)
newCSEntry.DN = DN
newCSEntry("LastName").Value = mventry("sn").Value
newCSEntry("givenName").Value = mventry("gn").Value
newCSEntry("sAMAccountName").Value = mventry("uid").Value
newCSEntry("description").Value = mventry("description").Value
Else
Dim ExceptionMessage As String
ExceptionMessage = "Multiple Connectors on Management Agent"
Throw New UnexpectedDataException(ExceptionMessage)

End If

End Sub

Public Function ShouldDeleteFromMV(ByVal newCSEntry As
Microsoft.MetadirectoryServices.CSEntry, ByVal mventry As
Microsoft.MetadirectoryServices.MVEntry) As Boolean Implements
Microsoft.MetadirectoryServices.IMVSynchronization.ShouldDeleteFromMV

End Function

Public Sub Terminate() Implements
Microsoft.MetadirectoryServices.IMVSynchronization.Terminate

End Sub
End Class
Almero (PuttyQ)
2005-06-07 12:58:22 UTC
Permalink
Hey Olivier

Question 1
-----------

a) Are you getting any specific errors when running your current solution?
b) I would suggest you check out
http://www.oxfordcomputergroup.com/?nav=resources. [Provisioning with
Microsoft Identity Integration Server 2003] is an very good step by step
guide to provisioning code.
c) As far as the code is concerned:
c.1) You never define what the variable "ManagementAgent" refers to.
You need to create a reference to whichever MA you are trying to address.
This is very nicely explain the the doc.
c.2) If a connector exists you define various attribuite flows. This
is the wrong place for this. Attribute flow (e.g.
newCSEntry("LastName").Value = mventry("sn").Value) should reside in the
MA's flow rules. The MVExtension is used for provisoining and
deprovisoining. (Again check the doc)


Question 2
-----------
The MVExtension will be executed whenever a MV object is processed by a
Synchronization run profile. This will happen for various reasons:
1) A MV object is first projected
2) A connector joins to an mv object
3) A connector disconnects (for whatever reason)
4) Inbound synchronization causes its data to change


Question 3
-----------

I recommend you look at the doc listed above as well as the walkthroughts
for MIIS. (Simple Provisioning really has all the info you require). If you
have specific questions / concerns please get back to us.

Check out http://go.microsoft.com/fwlink/?LinkId=46404 for a complete list
of all the documentation you will require about MIIS. :)

Hope this helps.

-Al
Post by Oliver
I am working on a project that does account provision / password sync
from domain1 (here a 'company.net') to domain2 (here:test.net) and both
are AD 2003 domains.
see my drawing for a quick graphical view
http://www.oneumann.de/temp/miis-concept.png
I managed to import Users and Groups to the Metaverse with Management
Agent A.
The Import of additional userdate from Oracle wiht Management Agent B
should be done later.
Now I want to provision the Users/Groups from Metaverse to the Connector
Space.
In relation to the "Simple Account Provisioning"-Scenario from Microsoft,
i hacked code so far (which is at the end of this posting)
I compiled with F5 and put the MyProvision.dll in the <extensions>-folder.
In Identity Manager, I picked my dll for "Metaverse rule extension".
1. Does my code contains some obvious errors?
2. When does the metaverse extenstion proceeds? (may be a silly questions
but I am not really sure, if the extenstions is running)
3. What else must I probably to do make this Provisioning work? How must
Management Agent C look like (e.g. Run Profile Sync or Export?)
Thanks in advance,
Regards,
Oliver
----------------MY CODE---------------------
Imports Microsoft.MetadirectoryServices
Imports System.Xml
Public Class MyProvision
Implements IMVSynchronization
Public Sub Initialize() Implements
Microsoft.MetadirectoryServices.IMVSynchronization.Initialize
End Sub
Public Sub Provision(ByVal mventry As MVEntry) Implements
IMVSynchronization.Provision
' Get the number of connectors for this MVEntry object under
' this management agent
Dim ManagementAgent As ConnectedMA
Dim Connectors As Integer
Dim newCSEntry As CSEntry
Dim DN As ReferenceValue
Connectors = ManagementAgent.Connectors.Count
DN =
ManagementAgent.EscapeDNComponent(System.Guid.NewGuid().ToString)
If 0 = Connectors Then
' Create the new connector
newCSEntry =
ManagementAgent.Connectors.StartNewConnector("person")
' Assign the distinguished name
newCSEntry.DN = DN
' Finish creating the new connector
newCSEntry.CommitNewConnector()
ElseIf 1 = Connectors Then
' Assign the distinguished name using the existing connector
newCSEntry = ManagementAgent.Connectors.ByIndex(0)
newCSEntry.DN = DN
newCSEntry("LastName").Value = mventry("sn").Value
newCSEntry("givenName").Value = mventry("gn").Value
newCSEntry("sAMAccountName").Value = mventry("uid").Value
newCSEntry("description").Value = mventry("description").Value
Else
Dim ExceptionMessage As String
ExceptionMessage = "Multiple Connectors on Management Agent"
Throw New UnexpectedDataException(ExceptionMessage)
End If
End Sub
Public Function ShouldDeleteFromMV(ByVal newCSEntry As
Microsoft.MetadirectoryServices.CSEntry, ByVal mventry As
Microsoft.MetadirectoryServices.MVEntry) As Boolean Implements
Microsoft.MetadirectoryServices.IMVSynchronization.ShouldDeleteFromMV
End Function
Public Sub Terminate() Implements
Microsoft.MetadirectoryServices.IMVSynchronization.Terminate
End Sub
End Class
Oliver
2005-06-07 13:10:12 UTC
Permalink
Hi and thank you for your answer,

in the meantime I've also found the Oxford-Provisioning-Document, which
indeed is very useful.
So today I created an MA with fixed width text file and created an MV Rules
Extention who just should provision my users to a simple text file which I
finally got to work! :)
So no I'll have a look at how to provision my Target Active Directory.

If I'll got massive problem, I'll ask again :)

Thanks again,
Oliver
Post by Almero (PuttyQ)
Hey Olivier
Question 1
-----------
a) Are you getting any specific errors when running your current solution?
b) I would suggest you check out
http://www.oxfordcomputergroup.com/?nav=resources. [Provisioning with
Microsoft Identity Integration Server 2003] is an very good step by step
guide to provisioning code.
c.1) You never define what the variable "ManagementAgent" refers
to. You need to create a reference to whichever MA you are trying to
address. This is very nicely explain the the doc.
c.2) If a connector exists you define various attribuite flows.
This is the wrong place for this. Attribute flow (e.g.
newCSEntry("LastName").Value = mventry("sn").Value) should reside in the
MA's flow rules. The MVExtension is used for provisoining and
deprovisoining. (Again check the doc)
Question 2
-----------
The MVExtension will be executed whenever a MV object is processed by a
1) A MV object is first projected
2) A connector joins to an mv object
3) A connector disconnects (for whatever reason)
4) Inbound synchronization causes its data to change
Question 3
-----------
I recommend you look at the doc listed above as well as the walkthroughts
for MIIS. (Simple Provisioning really has all the info you require). If
you have specific questions / concerns please get back to us.
Check out http://go.microsoft.com/fwlink/?LinkId=46404 for a complete list
of all the documentation you will require about MIIS. :)
Hope this helps.
-Al
Post by Oliver
I am working on a project that does account provision / password sync
from domain1 (here a 'company.net') to domain2 (here:test.net) and both
are AD 2003 domains.
see my drawing for a quick graphical view
http://www.oneumann.de/temp/miis-concept.png
I managed to import Users and Groups to the Metaverse with Management
Agent A.
The Import of additional userdate from Oracle wiht Management Agent B
should be done later.
Now I want to provision the Users/Groups from Metaverse to the Connector
Space.
In relation to the "Simple Account Provisioning"-Scenario from Microsoft,
i hacked code so far (which is at the end of this posting)
I compiled with F5 and put the MyProvision.dll in the
<extensions>-folder. In Identity Manager, I picked my dll for "Metaverse
rule extension".
1. Does my code contains some obvious errors?
2. When does the metaverse extenstion proceeds? (may be a silly questions
but I am not really sure, if the extenstions is running)
3. What else must I probably to do make this Provisioning work? How must
Management Agent C look like (e.g. Run Profile Sync or Export?)
Thanks in advance,
Regards,
Oliver
----------------MY CODE---------------------
Imports Microsoft.MetadirectoryServices
Imports System.Xml
Public Class MyProvision
Implements IMVSynchronization
Public Sub Initialize() Implements
Microsoft.MetadirectoryServices.IMVSynchronization.Initialize
End Sub
Public Sub Provision(ByVal mventry As MVEntry) Implements
IMVSynchronization.Provision
' Get the number of connectors for this MVEntry object under
' this management agent
Dim ManagementAgent As ConnectedMA
Dim Connectors As Integer
Dim newCSEntry As CSEntry
Dim DN As ReferenceValue
Connectors = ManagementAgent.Connectors.Count
DN =
ManagementAgent.EscapeDNComponent(System.Guid.NewGuid().ToString)
If 0 = Connectors Then
' Create the new connector
newCSEntry =
ManagementAgent.Connectors.StartNewConnector("person")
' Assign the distinguished name
newCSEntry.DN = DN
' Finish creating the new connector
newCSEntry.CommitNewConnector()
ElseIf 1 = Connectors Then
' Assign the distinguished name using the existing connector
newCSEntry = ManagementAgent.Connectors.ByIndex(0)
newCSEntry.DN = DN
newCSEntry("LastName").Value = mventry("sn").Value
newCSEntry("givenName").Value = mventry("gn").Value
newCSEntry("sAMAccountName").Value = mventry("uid").Value
newCSEntry("description").Value = mventry("description").Value
Else
Dim ExceptionMessage As String
ExceptionMessage = "Multiple Connectors on Management Agent"
Throw New UnexpectedDataException(ExceptionMessage)
End If
End Sub
Public Function ShouldDeleteFromMV(ByVal newCSEntry As
Microsoft.MetadirectoryServices.CSEntry, ByVal mventry As
Microsoft.MetadirectoryServices.MVEntry) As Boolean Implements
Microsoft.MetadirectoryServices.IMVSynchronization.ShouldDeleteFromMV
End Function
Public Sub Terminate() Implements
Microsoft.MetadirectoryServices.IMVSynchronization.Terminate
End Sub
End Class
Almero (PuttyQ)
2005-06-07 13:25:51 UTC
Permalink
Thats no problem Olvier - glad to help :)
Post by Oliver
Hi and thank you for your answer,
in the meantime I've also found the Oxford-Provisioning-Document, which
indeed is very useful.
So today I created an MA with fixed width text file and created an MV
Rules Extention who just should provision my users to a simple text file
which I finally got to work! :)
So no I'll have a look at how to provision my Target Active Directory.
If I'll got massive problem, I'll ask again :)
Thanks again,
Oliver
Post by Almero (PuttyQ)
Hey Olivier
Question 1
-----------
a) Are you getting any specific errors when running your current solution?
b) I would suggest you check out
http://www.oxfordcomputergroup.com/?nav=resources. [Provisioning with
Microsoft Identity Integration Server 2003] is an very good step by step
guide to provisioning code.
c.1) You never define what the variable "ManagementAgent" refers
to. You need to create a reference to whichever MA you are trying to
address. This is very nicely explain the the doc.
c.2) If a connector exists you define various attribuite flows.
This is the wrong place for this. Attribute flow (e.g.
newCSEntry("LastName").Value = mventry("sn").Value) should reside in the
MA's flow rules. The MVExtension is used for provisoining and
deprovisoining. (Again check the doc)
Question 2
-----------
The MVExtension will be executed whenever a MV object is processed by a
1) A MV object is first projected
2) A connector joins to an mv object
3) A connector disconnects (for whatever reason)
4) Inbound synchronization causes its data to change
Question 3
-----------
I recommend you look at the doc listed above as well as the walkthroughts
for MIIS. (Simple Provisioning really has all the info you require). If
you have specific questions / concerns please get back to us.
Check out http://go.microsoft.com/fwlink/?LinkId=46404 for a complete
list of all the documentation you will require about MIIS. :)
Hope this helps.
-Al
Post by Oliver
I am working on a project that does account provision / password sync
from domain1 (here a 'company.net') to domain2 (here:test.net) and both
are AD 2003 domains.
see my drawing for a quick graphical view
http://www.oneumann.de/temp/miis-concept.png
I managed to import Users and Groups to the Metaverse with Management
Agent A.
The Import of additional userdate from Oracle wiht Management Agent B
should be done later.
Now I want to provision the Users/Groups from Metaverse to the Connector
Space.
In relation to the "Simple Account Provisioning"-Scenario from
Microsoft, i hacked code so far (which is at the end of this posting)
I compiled with F5 and put the MyProvision.dll in the
<extensions>-folder. In Identity Manager, I picked my dll for "Metaverse
rule extension".
1. Does my code contains some obvious errors?
2. When does the metaverse extenstion proceeds? (may be a silly
questions but I am not really sure, if the extenstions is running)
3. What else must I probably to do make this Provisioning work? How must
Management Agent C look like (e.g. Run Profile Sync or Export?)
Thanks in advance,
Regards,
Oliver
----------------MY CODE---------------------
Imports Microsoft.MetadirectoryServices
Imports System.Xml
Public Class MyProvision
Implements IMVSynchronization
Public Sub Initialize() Implements
Microsoft.MetadirectoryServices.IMVSynchronization.Initialize
End Sub
Public Sub Provision(ByVal mventry As MVEntry) Implements
IMVSynchronization.Provision
' Get the number of connectors for this MVEntry object under
' this management agent
Dim ManagementAgent As ConnectedMA
Dim Connectors As Integer
Dim newCSEntry As CSEntry
Dim DN As ReferenceValue
Connectors = ManagementAgent.Connectors.Count
DN =
ManagementAgent.EscapeDNComponent(System.Guid.NewGuid().ToString)
If 0 = Connectors Then
' Create the new connector
newCSEntry =
ManagementAgent.Connectors.StartNewConnector("person")
' Assign the distinguished name
newCSEntry.DN = DN
' Finish creating the new connector
newCSEntry.CommitNewConnector()
ElseIf 1 = Connectors Then
' Assign the distinguished name using the existing connector
newCSEntry = ManagementAgent.Connectors.ByIndex(0)
newCSEntry.DN = DN
newCSEntry("LastName").Value = mventry("sn").Value
newCSEntry("givenName").Value = mventry("gn").Value
newCSEntry("sAMAccountName").Value = mventry("uid").Value
newCSEntry("description").Value =
mventry("description").Value
Else
Dim ExceptionMessage As String
ExceptionMessage = "Multiple Connectors on Management Agent"
Throw New UnexpectedDataException(ExceptionMessage)
End If
End Sub
Public Function ShouldDeleteFromMV(ByVal newCSEntry As
Microsoft.MetadirectoryServices.CSEntry, ByVal mventry As
Microsoft.MetadirectoryServices.MVEntry) As Boolean Implements
Microsoft.MetadirectoryServices.IMVSynchronization.ShouldDeleteFromMV
End Function
Public Sub Terminate() Implements
Microsoft.MetadirectoryServices.IMVSynchronization.Terminate
End Sub
End Class
Loading...