Identity Broker Forum

Welcome to the community forum for Identity Broker.

Browse the knowledge base, ask questions directly to the product group, or leverage the community to get answers. Leave ideas for new features and vote for the features or bug fixes you want most.

0
Fixed
Matthew Woolnough 2 weeks ago in Identity Broker for Microsoft SharePoint • updated 2 weeks ago 5

Running a Delta import and Delta Sync from IdB Sharepoint connector and get the error below. Ran a Full Import and Full Synchronization & the error did not occur.  Ran a Delta import and Delta Sync again and error does not occur.

Not sure if I'll be able to replicate again, but raising regardless.


The extensible extension returned an unsupported error.
 The stack trace is:
 
 "System.ArgumentException: Value bp is not a valid hexadecimal number.
Parameter name: sourceValue
   at Unify.Framework.IO.DNComponentAttributeValueParserAdapter.Transform(String sourceValue)
   at Unify.Framework.IO.DistinguishedNameComponent.CreateDNComponent(String dnComponentString)
   at Unify.Framework.IO.DistinguishedNameConversionFromString.CreateDistinguishedName()
   at Unify.Product.IdentityBroker.ImportProxy.GetContainerName(String dn)
   at Unify.Product.IdentityBroker.ImportProxy.TryGetObjectClass(String dn, String& objectClass)
   at Unify.Product.IdentityBroker.ImportProxy.<EntryToDeltas>d__25.MoveNext()
   at System.Linq.Enumerable.<SelectManyIterator>d__16`2.MoveNext()
   at System.Linq.Enumerable.<SelectManyIterator>d__16`2.MoveNext()
   at Unify.Product.IdentityBroker.ExtensionMethods.Take[TSource](IEnumerator`1 source, Int32 count, IList`1& items)
   at Unify.Product.IdentityBroker.ExtensionMethods.<Page>d__3`1.MoveNext()
   at Unify.Product.IdentityBroker.ImportProxy.Import(GetImportEntriesRunStep importRunStep)
   at Unify.Product.IdentityBroker.UnifyLdapConnectorTypeProxy.GetImportEntries(GetImportEntriesRunStep importRunStep)
   at Unify.Product.IdentityBroker.UnifyLdapConnector.GetImportEntries(GetImportEntriesRunStep importRunStep)
Forefront Identity Manager 4.4.1459.0"


Answer
Curtis Lusmore 2 weeks ago

Hi Matt,

Thanks for raising this. This looks to be the same issue as DN Creation not escaping LDAP Reserved Characters. I've created a new build of the Identity Broker for Microsoft Identity Manager management agent which includes the fix from there, attached here: Unify.IdentityBroker.FIMAdapter.dll. Please update the DLL in the FIM Extensions directory and re-attempt the import.

0
Fixed
Matthew Woolnough 2 weeks ago in Identity Broker for Microsoft SharePoint • updated 2 weeks ago 4

The format of IdMParentProfileReference attribute has changed due to new IdB DNs structure. The DN is not saving however. No error is thrown, just get an exported change is not re-imported error.





Answer
Curtis Lusmore 2 weeks ago

See latest v5.1.1 DEV build (not in place upgrade as the version hasn't updated). There's a new setting on the org connector for the org adapter.

0
Answered

I am receiving cd-errors when exporting users to Sharepoint.  I have found the following issue which is resolved by using adapter DN template of UID=@IdBID,however I am already using this config.

There is no other debugging information provided. How can I resolve this?

http://voice.unifysolutions.net/topics/2860-cd-error-exporting-to-idb/

Answer
Curtis Lusmore 3 weeks ago

Hi Matt,

Please try the patch from DN Creation not escaping LDAP Reserved Characters.

0
Answered
Matthew Woolnough 4 weeks ago in Identity Broker for Microsoft SharePoint • updated by Curtis Lusmore 4 weeks ago 3

I have the error below, but the logs do not say which attribute is at fault for passing onto the Sharepoint team for rectication. 

How can I determine which attribute is causing the error?


Change detection engine import all items for connector SharePoint User Profile failed with reason Provided value Avanteos Investments Limited failed validation . Duration: 00:00:05.7520690
Error details:
Unify.Product.IdentityBroker.EntitySchemaValidationException: Provided value Avanteos Investments Limited failed validation  ---> System.FormatException: Input string was not in a correct format.
   at System.Number.ParseSingle(String value, NumberStyles options, NumberFormatInfo numfmt)
   at System.String.System.IConvertible.ToSingle(IFormatProvider provider)
   at System.Convert.ChangeType(Object value, Type conversionType, IFormatProvider provider)
   at Unify.Product.IdentityBroker.EntityObjectTypeSchemaValidator`2.CreateValue(Object dataValue)
   --- End of inner exception stack trace ---
   at Unify.Product.IdentityBroker.EntityObjectTypeSchemaValidator`2.CreateValue(Object dataValue)
   at Unify.Product.IdentityBroker.EntityMultiValueValidatorFactoryBase`3.<>c__DisplayClass1_0.<GetValidator>b__0(Object value)
   at Unify.Product.IdentityBroker.EntityMultiValueObjectTypeSchemaValidator`3.<CreateValue>b__6_0(Object item)
   at System.Linq.Enumerable.WhereSelectArrayIterator`2.MoveNext()
   at System.Collections.Generic.List`1..ctor(IEnumerable`1 collection)
   at System.Linq.Enumerable.ToList[TSource](IEnumerable`1 source)
   at Unify.Product.IdentityBroker.EntityMultiValueObjectTypeSchemaValidator`3.CreateValue(Object dataValue)
   at Unify.Product.IdentityBroker.SharePoint2010UserProfileConnector.CreateValueTypeFromProfileData(PropertyDataContract data)
   at Unify.Product.IdentityBroker.SharePoint2010UserProfileConnector.<ConvertConnectorEntityFromPropertyData>b__22_2(<>f__AnonymousType5`2 <>h__TransparentIdentifier0)
   at System.Linq.Enumerable.WhereSelectEnumerableIterator`2.MoveNext()
   at System.Linq.Enumerable.WhereSelectEnumerableIterator`2.MoveNext()
   at Unify.Framework.Visitor.Visit[T](IEnumerable`1 visitCollection, Action`2 visitor)
   at Unify.Product.IdentityBroker.SharePoint2010UserProfileConnector.ConvertConnectorEntityFromPropertyData(PropertyDataContract[] profile)
   at Unify.Product.IdentityBroker.SharePoint2010UserProfileConnector.<GetAllEntities>d__26.MoveNext()
   at System.Linq.Buffer`1..ctor(IEnumerable`1 source)
   at System.Linq.Enumerable.ToArray[TSource](IEnumerable`1 source)
   at Unify.Product.IdentityBroker.AuditReadingConnectorDecorator.GetAllEntities(IStoredValueCollection storedValues, CancellationToken cancellationToken)
   at Unify.Product.IdentityBroker.EventNotifierReadingConnectorDecoratorBase`1.GetAllEntities(IStoredValueCollection storedValues, CancellationToken cancellationToken)
   at Unify.Product.IdentityBroker.ChangeDetectionImportAllJob.ImportAllChangeProcess()
   at Unify.Product.IdentityBroker.ChangeDetectionImportAllJob.RunBase()
   at Unify.Framework.DefinedScopeJobAuditTrailJobDecorator.Run()
   at Unify.Product.IdentityBroker.ConnectorJobExecutor.<>c__DisplayClass30_0.<Run>b__0()
   at Unify.Framework.AsynchronousJobExecutor.PerformJobCallback(Object state)",Normal


Answer
Curtis Lusmore 4 weeks ago

Hi Matt,

It looks like you are assigning a string "Avanteos Investments Limited" to a Single Schema Field, not a String Schema Field. Is this intended? This field may be mis-configured.

0
Answered

This is a pre-existing issue, so could very well be environmental.  We're not meant to be fixing pre-existing issues, but if it's something simple it should be addressed.  

Any idea what might be causing this?


IdB5.x

System.ServiceModel.FaultException`1[System.ServiceModel.ExceptionDetail]: No mapping between account names and security IDs was done (Fault Detail is equal to An ExceptionDetail, likely created by IncludeExceptionDetailInFaults=true, whose value is:
System.ComponentModel.Win32Exception: No mapping between account names and security IDs was done
   at Microsoft.Office.Server.Utilities.Win32.AdvApi.LookupAccountName(String lpSystemName, String lpAccountName, IntPtr Sid, Int32& cbSid, StringBuilder ReferencedDomainName, Int32& cchReferencedDomainName, SID_NAME_USE& peUse)
   at Microsoft.Office.Server.UserProfiles.UserProfileGlobal.GetSidFromAccount(String strAccountName, SID_NAME_USE[] IntendedAccountType, SID_NAME_USE& sidUse)
   at Microsoft.Office.Server.UserProfiles.UserProfileGlobal.GetSidFromAccount(String strAccountName, Int32 nMaxLengh)
   at Microsoft.Office.Server.UserProfiles.UserProfileGlobal.GetSidFromAccount(UserProfileApplicationProxy proxy, Guid partitionID, String strAccountName, Boolean isWindowsAccount)
   at Microsoft.Office.Server.UserProfiles.UserProfile..ctor(UserProfileManager objManager, String strAccountName, String strPreferredName)
...).


IdB3.x

System.ServiceModel.FaultException`1[System.ServiceModel.ExceptionDetail]: Invalid Property Value: Could not find SID corresponding to input account name. (Fault Detail is equal to An ExceptionDetail, likely created by IncludeExceptionDetailInFaults=true, whose value is:
Microsoft.Office.Server.UserProfiles.PropertyInvalidValueException: Invalid Property Value: Could not find SID corresponding to input account name.
   at Microsoft.Office.Server.UserProfiles.UserProfileGlobal.ValidatedPerson(Object value, UserFormat userFormat, UserProfileApplicationProxy userProfileApplicationProxy, Guid partitionID)
   at Microsoft.Office.Server.UserProfiles.UserProfileGlobal.ValidatedSingleValue(Object value, ProfileSubtypeProperty prop, PropertyDataType propDataType, UserFormat userFormat, UserProfileApplicationProxy userProfileApplicationProxy, Guid partitionID, SiteContext si)
   at Microsoft.Office.Server.UserProfiles.UserProfileGlobal.ValidatedValue(Object value, ProfileSubtypeProperty prop, PropertyDataType propDataType, UserFormat userFormat, UserProfileApplicationProxy userProfileApplicationProxy, Guid partitionID, SiteContext si)
   at Microsoft.Office.Server.UserProfiles.ProfileValueC...).


Answer

I'd recommend speaking with the SharePoint and/or sys admin, as this error is pretty low down in the SharePoint stack and is calling into native API's (advapi32.dll LookupAccountName).

0
Fixed

Provisioning users to SharePoint for the 1st time on IdB 5.1 and encountered the following error.


System.Collections.Generic.KeyNotFoundException: The key 0799C19A00044B368A7D06D9AE23CC07 could not be found in the list of known profile types. The known types are UserProfile_GUID, SID, ADGuid, AccountName, FirstName, SPS-PhoneticFirstName, LastName, SPS-PhoneticLastName, PreferredName, SPS-PhoneticDisplayName, WorkPhone, Department, Title, SPS-JobTitle, Manager, AboutMe, PersonalSpace, PictureURL, UserName, QuickLinks, WebSite, PublicSiteRedirect, SPS-DataSource, SPS-MemberOf, SPS-Dotted-line, SPS-Peers, SPS-Responsibility, SPS-SipAddress, SPS-MySiteUpgrade, SPS-DontSuggestList, SPS-ProxyAddresses, SPS-HireDate, SPS-DisplayOrder, SPS-ClaimID, SPS-ClaimProviderID, SPS-ClaimProviderType, SPS-LastColleagueAdded, SPS-OWAUrl, SPS-SavedAccountName, SPS-SavedSID, SPS-ResourceSID, SPS-ResourceAccountName, SPS-ObjectExists, SPS-MasterAccountName, SPS-DistinguishedName, SPS-SourceObjectDN, SPS-LastKeywordAdded, WorkEmail, CellPhone, Fax, HomePhone, Office, SPS-Location, SPS-TimeZone, Assistant, SPS-PastProjects, SPS-Skills, SPS-School, SPS-Birthday, SPS-StatusNotes, SPS-Interests, SPS-EmailOptin, ResponsibleSupervisorEntities, AnalysisEntities, RoleLevel, CostCentre, Company, DaysAtOffice, StaffType, usrDivision, Team, GroupOrg, Branch, Floor, RoleDescriptionUrl
   at Unify.Product.IdentityBroker.SharePoint2010Utilities.ConvertAttributeToValues(KeyValuePair`2 attribute, IDictionary`2 profileTypes, IValueAdapter`2 referenceValueToUserProfileNameAdapter, UserProfileNameToStringAdapter userProfileToNameAdapter)
   at Unify.Product.IdentityBroker.SharePoint2010UserProfileConnector.<ConvertConnectorEntityToPropertyData>b__22_1(<>f__AnonymousType3`2 <>h__TransparentIdentifier0)
   at System.Linq.Enumerable.WhereSelectEnumerableIterator`2.MoveNext()
   at System.Linq.Buffer`1..ctor(IEnumerable`1 source)
   at System.Linq.Enumerable.ToArray[TSource](IEnumerable`1 source)
   at Unify.Product.IdentityBroker.SharePoint2010UserProfileConnector.ConvertConnectorEntityToPropertyData(IEnumerable`1 entity)
   at Unify.Product.IdentityBroker.SharePoint2010UserProfileConnector.AddEntity(IConnectorEntity entity, ISharePoint2010UserProfileService communicatorChannel)
   at Unify.Product.IdentityBroker.SharePoint2010UserProfileConnector.<>c__DisplayClass7_1.<AddEntities>b__1(IConnectorEntity entity)
   at Unify.Framework.Visitor.Visit[T](IEnumerable`1 visitCollection, Action`2 visitor)
   at Unify.Product.IdentityBroker.SharePoint2010UserProfileConnector.<>c__DisplayClass7_0.<AddEntities>b__0(ISharePoint2010UserProfileService channel)
   at Unify.Product.IdentityBroker.SharePointWCFAgent.Execute[TService](WcfCommunicatorFactory`1 serviceFactory, Action`1 service, Int32 maxItemsInObjectGraph)
   at Unify.Product.IdentityBroker.SharePoint2010UserProfileConnector.AddEntities(IEnumerable`1 entities, ISaveEntityResults`2 results)
   at Unify.Product.IdentityBroker.AuditAddingConnectorDecorator.AddEntities(IEnumerable`1 entities, ISaveEntityResults`2 results)
   at Unify.Product.IdentityBroker.EventNotifierAddingConnectorDecorator.AddEntities(IEnumerable`1 entities, ISaveEntityResults`2 results)


Answer

I'll fix this up, it's the same as organisation.

0
Answered
Matthew Woolnough 1 month ago in Identity Broker for Microsoft SharePoint • updated 4 weeks ago 12

I am exporting Organisations to Sharepoint.  As can be seen in the image below, the IdMParentProfileReference is being updated to include the full DN. 


the following error is being thrown:

System.ServiceModel.FaultException`1[System.ServiceModel.ExceptionDetail]: Object reference not set to an instance of an object. (Fault Detail is equal to An ExceptionDetail, likely created by IncludeExceptionDetailInFaults=true, whose value is:
System.NullReferenceException: Object reference not set to an instance of an object.
   at Unify.Connectors.SharePoint.SharePoint2010WCFService.UNIFYIdentityBrokerService.SharePoint2010OrganizationProfileService.<>c__DisplayClass29.<PopulateProfile>b__22(PropertyDataContract property)
   at Unify.Connectors.SharePoint.SharePoint2010WCFService.UNIFYIdentityBrokerService.EnumeratorExtensions.Visit[T](IEnumerable`1 enumerable, Action`1 action)
   at Unify.Connectors.SharePoint.SharePoint2010WCFService.UNIFYIdentityBrokerService.SharePoint2010OrganizationProfileService.PopulateProfile(OrganizationProfileData organizationProfile, OrganizationProfile profile, IEnumerable`1 schemaValueNames)
   at Unify.Connectors.SharePoint.SharePoint2010WCFService.UNIFYIdentityBrokerService.SharePoint2010OrganizationProfileService.UpdateOrganizationProfile(OrganizationProfileData organizationProfile, String[] schemaValueNames)
   at S...).


The IdMProfileReference is a reference between objects, so is set by the DN of the Parent Object. 

Do I need to configure the IdMProfileReference to the full DN, or should the adapter be converting?



0
Fixed
Matthew Woolnough 1 month ago in Identity Broker for Microsoft SharePoint • updated 4 weeks ago 11

Error exporting users to Sharepoint:

Unify.Framework.UnifyDataException: An error occurred at the adapter level, before the entity was exported to the connector. Check the logs for any exceptions related to the export.
   at Unify.Product.IdentityBroker.Adapter.<>c.<.ctor>b__24_5
Answer

Hi Matt, Please replace the following DLL: Unify.Connectors.Microsoft.SharePoint.dll and re-request the schema - the RecordId field should swap to not required.

0
Answered
Matthew Woolnough 1 month ago in Identity Broker for Microsoft SharePoint • updated 4 weeks ago 9

Seeing the error below in exporting users to Sharepoint. 

Is there a DN requirement in Sharepoint?


Add request failed as the converted DN UID=18df1b3e-7787-429b-b0a0-ddad2ed4b1a4,OU=SPUsers,DC=IdentityBroker does not match the request DN CN=wxli,OU=SPUsers,DC=IdentityBroker.
Answer
Curtis Lusmore 1 month ago

Hi Matt,

This error indicates that the DN that you are generating in your IDM platform differs from the DN generated by Identity Broker based on the Distinguished Name Template for your adapter. You'll need to reconfigure one or the other so that they match. Just a note that if you use @IdBID in the DN template, you will also need to supply a value for the entryUUID field as part of your add requests.

0
Under review
Matthew Woolnough 1 month ago in Identity Broker for Microsoft SharePoint • updated by Curtis Lusmore 1 month ago 8

Permissions like error upon export to Sharepoint.  I have reviewed the Pre-reqs and it appears as though the service account has the appropriate rights (screenshots below).

Are there additional rights required?

Matthew


System.ServiceModel.FaultException`1[System.ServiceModel.ExceptionDetail]: Attempted to perform an unauthorized operation. (Fault Detail is equal to An ExceptionDetail, likely created by IncludeExceptionDetailInFaults=true, whose value is:
System.UnauthorizedAccessException: Attempted to perform an unauthorized operation.
   at Microsoft.Office.Server.UserProfiles.OrganizationProfileValueCollection.CheckUpdatePermissions()
   at Microsoft.Office.Server.UserProfiles.ProfileValueCollectionBase.set_Value(Object value)
   at Microsoft.Office.Server.UserProfiles.OrganizationProfile.set_DisplayName(String value)
   at Unify.Connectors.SharePoint.SharePoint2010WCFService.UNIFYIdentityBrokerService.SharePoint2010OrganizationProfileService.PopulateProfile(OrganizationProfileData organizationProfile, OrganizationProfile profile, IEnumerable`1 schemaValueNames)
   at Unify.Connectors.SharePoint.SharePoint2010WCFService.UNIFYIdentityBrokerService.SharePoint2010OrganizationProfileService.UpdateOrganizationProfile(OrganizationProfileData organizationProfile, String[] schemaValueNames)
   at SyncInvokeUpdateOrganizationProfile(Object , Object[] , Object[] )
   ...).