Friday, June 14, 2013

sync-rule-flow-provisioning-failed Microsoft.MetadirectoryServices.ProvisioningBySyncRuleException: attribute is read-only

Ran into this problem the other day, and I was a bit confused.

sync-rule-flow-provisioning-failed
Microsoft.MetadirectoryServices.ProvisioningBySyncRuleException: attribute is read-only

I Googled the error message, but I didn't get any direct hits.  Turns out, I'd forgotten to check the Initial Flow Only box on the anchor attribute in the outbound sync rule (OSR).

The following links helped find the answer.
http://social.technet.microsoft.com/Forums/en-US/ilm2/thread/1aa13147-e16c-4e99-a7da-76e3c9e8c10d/
http://social.technet.microsoft.com/Forums/en-US/ilm2/thread/6ac2bed1-9704-4fcc-94d2-3be73c5a7f47

I guess this is one of those subtle features that I'd taken for granted.  Essentially, this means that there's no built-in "anchor rename" feature on the SQL MAs (this is an Oracle MA, BTW).

Here's another subtle feature that's closely related to this one.  As Markus mentions in his article, "In case of a SQL management agent, the anchor attribute is also the DN."  However, this doesn't mean that the CS object DN is exported to the anchor column.  In fact, you can arbitrarily initialize the CS object DN with the csObjectID (as Markus mentions); and assuming your SQL anchor is generated automatically upon export, you can join on the anchor (like userid) during inbound sync, and (if I recall correctly) the CS object DN will be set equal to the anchor.
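A quick way to spot the misconfiguration described above before an export fails, as an added example that is not part of the original post. It uses the FIM Automation snap-in's Export-FIMConfig cmdlet and assumes that FlowType values 1 and 2 denote outbound and bidirectional rules, that each PersistentFlow entry is a string naming the destination attribute, and that the anchor attribute names (here the placeholder `userid`) are set to match your MA.

```powershell
# Added example, not from the original post: list outbound sync rules whose
# persistent (non-initial) flows still target an anchor attribute. Such a flow
# is what the export fails on with "ProvisioningBySyncRuleException:
# attribute is read-only"; the fix is to mark that flow Initial Flow Only.
# Assumptions: the FIM Automation snap-in is available, FlowType 1/2 denote
# outbound or bidirectional rules, and each PersistentFlow entry is a string
# that names the destination attribute.
Add-PSSnapin FIMAutomation -ErrorAction SilentlyContinue

# Anchor attribute names of the SQL/Oracle MA as configured on the MA
# (placeholder value; replace with your own).
$anchorAttributes = @('userid')

function Get-RuleAttribute($exportObject, $attributeName) {
    $attr = $exportObject.ResourceManagementObject.ResourceManagementAttributes |
        Where-Object { $_.AttributeName -eq $attributeName }
    if ($null -eq $attr) { return $null }
    if ($attr.IsMultiValue) { return $attr.Values } else { return $attr.Value }
}

$rules = Export-FIMConfig -CustomConfig '/SynchronizationRule' -OnlyBaseResources
foreach ($rule in $rules) {
    $flowType = [string](Get-RuleAttribute $rule 'FlowType')
    if (-not (@('1', '2') -contains $flowType)) { continue }   # inbound-only rules are unaffected

    $name = Get-RuleAttribute $rule 'DisplayName'
    foreach ($flow in @(Get-RuleAttribute $rule 'PersistentFlow')) {
        foreach ($anchor in $anchorAttributes) {
            # Match the bare attribute name so the check does not depend on the
            # exact flow XML layout; review each hit in the portal.
            if ($flow -match ('\b' + [regex]::Escape($anchor) + '\b')) {
                Write-Output ("{0}: persistent flow to anchor '{1}' -> set Initial Flow Only" -f $name, $anchor)
            }
        }
    }
}
```

Each reported rule should be opened in the portal and the flagged flow switched to Initial Flow Only; the substring match is deliberately loose, so a hit on a non-anchor attribute with the same name is possible and must be checked by hand.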
