Wednesday, November 12, 2014

Update-recipient: [Object] wasn't found. Please make sure you've typed it correctly.


Got a misleading error message from Exchange Powershell cmdlets.

Problem description
  • FIM 2010
  • AD DS MA
  • Provision for Exchange 2010
  • Export contact
  • No error message
  • Contact object not mail-enabled
  • Try PS command via Exchange Management Shell
  • Object not found (see error below)
Resolution
  • mailNickname was empty!

[PS] C:\>update-recipient -Identity "CN=Whisky Tango (wtango@foxtrot.ca),OU=Contacts,DC=exchange,DC=loc" -DomainController Exchange2010srv.exchange.loc
Creating a new session for implicit remoting of "Update-Recipient" command...
exchange.loc/Contacts/Whisky Tango (wtango@foxtrot.ca) wasn't found. Please make sure you've typed it correctly.
    + CategoryInfo          : ObjectNotFound: (exchange.loc/Co...tango@foxtrot.ca):RecipientIdParameter) [Update-Recipient], ManagementObjectNotFoundException

    + FullyQualifiedErrorId : 4247562D,Microsoft.Exchange.Management.RecipientTasks.UpdateRecipient

Tuesday, October 7, 2014

Network impact assessment (NIA): FIM 2010 AD MA LDAP traffic throughput

I just performed a Wireshark capture between the FIM and several Active Directory domains to try to validate whether the numbers in the MIIS 2003 Capacity Planning whitepaper are (a) still relevant to FIM 2010 and (b) actually relevant to AD connected data sources.  The whitepaper mentions that the test results show throughput between MIIS and its SQL database.  So, it doesn't specifically say that the numbers are relevant to connected data sources, but it does mention them in the recommended best practices section; and this is confusing.

So, I'm here to clear up the confusion.  And I can summarize by saying, yes, the numbers in the whitepaper are relevant to AD connected data sources.  Here are my findings:

Average LDAP traffic throughput 1.2 Mbps
Peak LDAP traffic throughput 6 Mbps

These findings seem to verify the claim from the MIIS 2003 capacity planning whitepaper that a 5 Mbps bandwidth is the bare minimum (for connected data sources). The sections below show more details about the tests.

CORP_ADMA Full import
object_type count
computer 82
contact 2072
container 208
domainDNS 1
foreignSecurityPrincipal 21
group 1787
NULL 82
organizationalUnit 616
user 10020
TOTAL objects 14889

1.14 Mbps

28287944 total bytes

28287944 / 1024^2 = 26.9775 MB

28287944 * 8 = 226303552 bits

226303552 / 198.559 = 1.1397E6 bps
6e6 bits/tick @ 1 sec/tick

6e6/1e6=6 Mbps peak




EXCH_ADMA Full import
object_type count
contact 3365
container 107
domainDNS 1
group 280
NULL 57
organizationalUnit 163
user 6740
TOTAL objects 10713

1.264 Mbps

19285496 total bytes

19285496 / 1024^2 = 18.3921 MB

5.5e6 bits/tick @ 1 sec/tick
5.5e6/1e6=5.5 Mbps peak



WEB_ADMA Full import
object_type count
container 82
domainDNS 1
group 45
NULL 8
organizationalUnit 3
user 2184
TOTAL objects 2323

1.197 Mbps

2611566 total bytes

2611566 / 1024^2 = 2.4906 MB

5e6 bits/tick @ 1 sec/tick
5e6/1e6=5 Mbps peak


Thursday, August 21, 2014

How to: Create anchor for delta import record in ECMA 2.0 GetImportEntries

#region FAIL http://social.technet.microsoft.com/Forums/en-US/a2bc4a62-a987-444a-9382-7a37ba49fcf8/getting-missingchangetype-error-during-delta-import-on-callbased-ecma2?forum=ilm2
//csentry.DN = row["dn"].ToString().Trim();
#endregion
/// Lesson learned: DO NOT name one of the columns 'DN'.
/// http://c--shark.blogspot.com/2014/08/lesson-learned-ecma2-do-not-name-one-of.html
csentry.AnchorAttributes.Add(
    AnchorAttribute.Create("SQL_DN", row["dn"].ToString().Trim()));

Lesson learned: ECMA2: Do NOT name one of the schema columns 'DN'

Here are my notes on troubleshooting errors with an ECMA 2.0. Turns out, the errors were due to the fact that one of the columns was named 'DN'. As you can imagine, troubleshooting this was maddening...
·        ECMA2 connector to SQL Server
·        One of the column names was 'DN'
·        In GetSchema:
if (string.Equals(key, "dn"StringComparison.CurrentCultureIgnoreCase))
{
    personType.Attributes.Add(SchemaAttribute.CreateAnchorAttribute(key, AttributeType.String));
}
·        Upon full import (see event log below):
o   missing-anchor-component
o   invalid-attribute-value
o   staging-error
·        GetImportEntries taken from MSFT example:
public GetImportEntriesResults GetImportEntries(GetImportEntriesRunStep importRunStep)
{
    //
    // In our sample below, we create objects using a fixed format.
    //
    GetImportEntriesResults importReturnInfo;
    List<CSEntryChange> csentries = new List<CSEntryChange>();
    // Full Import.
    if (OperationType.Full == m_ImportType)
    {
        // Object 1
        CSEntryChange csentry1 = CSEntryChange.Create();
        csentry1.ObjectModificationType = ObjectModificationType.Add;
        csentry1.ObjectType = "person";
        //csentry1.DN = "CN=Object1,CN=Users,DC=contoso,DC=com";
        csentry1.AttributeChanges.Add(AttributeChange.CreateAttributeAdd("DN""1"));
        //csentry1.AttributeChanges.Add(AttributeChange.CreateAttributeAdd("USERNAME", "Object1"));
        //csentry1.AttributeChanges.Add(AttributeChange.CreateAttributeAdd("email", "Object1@contoso.com"));
        //csentry1.AttributeChanges.Add(AttributeChange.CreateAttributeAdd("multiAttr", new List<object>() { "value1", "value1", "value3" }));
        csentries.Add(csentry1);
        // Object 2
        CSEntryChange csentry2 = CSEntryChange.Create();
        csentry2.ObjectModificationType = ObjectModificationType.Add;
        csentry2.ObjectType = "person";
        //csentry2.DN = "CN=Object2,CN=Users,DC=contoso,DC=com";
        csentry2.AttributeChanges.Add(AttributeChange.CreateAttributeAdd("DN""2"));
        //csentry2.AttributeChanges.Add(AttributeChange.CreateAttributeAdd("USERNAME", "Object2"));
        //csentry2.AttributeChanges.Add(AttributeChange.CreateAttributeAdd("email", "Object2@contoso.com"));
        //csentry2.AttributeChanges.Add(AttributeChange.CreateAttributeAdd("multiAttr", new List<object>() { "value4", "value5", "value6" }));
        csentries.Add(csentry2);
    }
    // Create the result
    importReturnInfo = new GetImportEntriesResults();
    importReturnInfo.MoreToImport = false;
    importReturnInfo.CSEntries = csentries;
    // Also, GetImportEntriesResults.CustomData can be used for retaining necessary data
    // for performing a subsequent import.
    // A typical case of this might be the watermark used
    // for delta import.
    //
    return importReturnInfo;
}
·        Event log:
FIMSynchronizationService
The server encountered an unexpected error while performing an operation for a management agent.
 "Microsoft.MetadirectoryServices.Impl.InternalError: 0x80230301
   at Microsoft.MetadirectoryServices.Impl.ScriptHost.ThrowExceptionFromHRESULT(Int32 hr)
   at Microsoft.MetadirectoryServices.Impl.Ecma2ConversionServices.AddAttributeToDImage(CDImage* pdimage, String attributeName, AttributeModificationType attributeModificationType, IList`1 attributeValueChanges, Int32 escapeReferenceDNValues)
   at Microsoft.MetadirectoryServices.Impl.Ecma2ConversionServices.ConvertToDImage(CSEntryChange csEntryChange, CDImage** ppDImage, Int32 escapeReferenceDNValues)
   at Microsoft.MetadirectoryServices.Impl.ScriptHost.InvokeExtMA_ImportEntry(UInt32 cBatchSize, UInt16* pcszCustomData, UInt32 cFullObject, _OCTET* rgoctFullObject, UInt32* rgomodt, UInt32* pcpcszChangedAttributes, UInt16*** prgpcszChangedAttributes, Int32 fIsDNStyleNone, UInt16** ppszUpdatedCustomData, _OCTET* rgoctCSImage, Int32* rgextec, UInt16** rgpszErrorName, UInt16** rgpszErrorDetail, Int32* pfMoreToImport)"
FIMSynchronizationService
The server encountered an unexpected error in the synchronization engine:
 "BAIL: MMS(8916): d:\bt\32669\private\source\miis\server\sync\syncstage.cpp(595): 0x80230302 (The image or delta doesn't have an anchor.)
Forefront Identity Manager 4.1.3559.0"
FIMSynchronizationService
The server encountered an unexpected error in the synchronization engine:
 "BAIL: MMS(6992): d:\bt\32669\private\source\miis\ma\xml\ma.cpp(5012): 0x80230005 (Management agent encountered an error while processing an object.)
BAIL: MMS(6992): d:\bt\32669\private\source\miis\server\sync\syncstage.cpp(595): 0x80230302 (The image or delta doesn't have an anchor.)
Forefront Identity Manager 4.1.3559.0"
FIMSynchronizationService
The server encountered an unexpected error in the synchronization engine:
 "BAIL: MMS(13268): d:\bt\32669\private\source\miis\ma\xml\ma.cpp(5078): 0x80230005 (Management agent encountered an error while processing an object.)
BAIL: MMS(13268): d:\bt\32669\private\source\miis\shared\ldaputils\dnutils.cpp(580): 0x80070057 (The parameter is incorrect.): Error parsing DN 99999: DN terminates in attribute name
BAIL: MMS(13268): d:\bt\32669\private\source\miis\ma\extensible\extensible.cpp(2057): 0x80070057 (The parameter is incorrect.)
BAIL: MMS(13268): d:\bt\32669\private\source\miis\server\sync\syncstage.cpp(595): 0x80230302 (The image or delta doesn't have an anchor.)
Forefront Identity Manager 4.1.3559.0"
FIMSynchronizationService
The server encountered an unexpected error in the synchronization engine:
 "BAIL: MMS(8916): d:\bt\32669\private\source\miis\ma\xml\ma.h(734): 0x80230005 (Management agent encountered an error while processing an object.)
BAIL: MMS(8916): d:\bt\32669\private\source\miis\ma\xml\ma.cpp(4358): 0x80230005 (Management agent encountered an error while processing an object.)
BAIL: MMS(8916): d:\bt\32669\private\source\miis\ma\xml\ma.cpp(5240): 0x80230005 (Management agent encountered an error while processing an object.)
BAIL: MMS(8916): d:\bt\32669\private\source\miis\server\sync\syncstage.cpp(595): 0x80230302 (The image or delta doesn't have an anchor.)
Forefront Identity Manager 4.1.3559.0"