0 comments

FIM GAL Sync and the FIM MA (ERE/DRE)

Published on Sunday, May 2, 2010 in ,

Setting up FIM with an SQL (HR data source), Active Directory and the FIM Portal (declarative provisioning) was more or less a quickie. I guess the OCG “FIM Foundation” training helped with that :)

But now I’m starting to add a GAL Sync to that lab setup and things are crumbling down. The first thing I was seeing was a lot of the “extension-dll-exception” messages when doing a sync for the FIM MA:

image

Those anchors (the identifier on the left in the picture) seemed to reference ExpectedRuleEntries being projected into the MV. Those EREs are caused by the synchronization rules I have configured in the portal. The GALSync.dll which is responsible for the provisioning is the one complaining:

Microsoft.MetadirectoryServices.NoSuchAttributeInObjectTypeException: Attribute "cn" is not usable with the object type in question.
   at Microsoft.MetadirectoryServices.Impl.EntryState.GetAttribute(String attributeName, IMacroCollectionBase collection)
   at Microsoft.MetadirectoryServices.GALSync.MVSynchronizer.AddOrRenameConnector(ConnectedMA& MA, GALMA& MAConfig, MVEntry mventry, CSEntry csentry)
   at Microsoft.MetadirectoryServices.GALSync.MVSynchronizer.Provision(MVEntry mventry)

I posted it out on the Technet forums for FIM and it seemed I had to alter the GALSync.dll its behavior. Everything which is being projected in the MV is being parsed by the GALSync.dll logic. By using a select case we can exclude certain object types.

We need the following items to rebuild the GALSync.dll:

  • GALSync sources: C:\Program Files\Microsoft Forefront Identity Manager\2010\Synchronization Service\SourceCode\GalSync
  • Logging.dll: C:\Program Files\Microsoft Forefront Identity Manager\2010\Synchronization Service\Extensions
  • Microsoft.MetadirectoryServicesEx.dll: C:\Program Files\Microsoft Forefront Identity Manager\2010\Service
  • Visual Studio

After opening the solution in visual studio we get some errors:

image

These are due to the fact that my visual studio is not on the same box as the FIM Sync service is installed on. That’s why I said we would need the sources and dlls. We can add them to the project by right clicking the GALSync and choosing properties

image

Just click Add reference, choose browse and point to the DLLs (both the logging and MetadirectoryServicesEx one)

image

Now we are ready to alter the code as we wish:

Select Case mventry.ObjectType
    Case "expectedRuleEntry"
        ' Do Nothing
        Log(mventry.ToString & " is an expectedRuleEntry, no provisioning required")
    Case "synchronizationRule"
        ' Do Nothing
        Log(mventry.ToString & " is a synchronizationRule, no provisioning required")
    Case "detectedRuleEntry"
        ' Do Nothing
        Log(mventry.ToString & " is a detectedRuleEntry, no provisioning required")
    Case Else
        Dim i As Integer
        Dim MasterConnector As CSEntry = Nothing
        Dim MA As ConnectedMA
        Log("Entering provisioning for " & mventry.ToString)

        ...

End Select

Watch out: the Case string is case sensitive, ExpectedRuleEntry will not work. Minor e is required.

Many thanks to Jeremy Palenchar for providing the code.

Related Posts

No Response to "FIM GAL Sync and the FIM MA (ERE/DRE)"

Add Your Comment