MIM Event Broker Forum
Welcome to the community forum for MIM Event Broker.
Browse the knowledge base, ask questions directly to the product group, or leverage the community to get answers. Leave ideas for new features and vote for the features or bug fixes you want most.
I know this is somewhere on the roadmap, but I thought I'd give you a specific example of how I would like to use this to lookup the Operation List name for a corresponding guid from within a PowerShell script. I know this method exists on the WCF endpoint because it is exposed in the WSDL. However it is not a simple exercise to access this from PowerShell.
For the time being I have a work-around which relies on looking up the Event Broker registry key to determine the extensibility file path, then querying the operations extensibility xml directly. However the limitation here is that this will only work if the script is running locally on the Event Broker service host.
Now that this has been proven in Identity Broker we'll look at this for MIM Event Broker.
Event Broker agent wizard leads to "The server is unwilling to process the request" exception for specific OU
When an OU is configured for an AD agent that is NOT the domain root (e.g. "OU=Employees,DC=mim2016,DC=local") we get the following exception when the generated incoming operation list is activated:
Operation faulted: The server is unwilling to process the request. - Please see the log viewer for more details.
This is because the AD Sync Changes check operation uses the full DN for the "Domain" property instead of the DC part only (i.e. "DC=mim2016,DC=local").
To avoid this error the AD sync changes operation needs to extract the DC DN from the full DN supplied.
Fixed in 4.0
Presently the TO address supports only a single target email address. However this field is multi-valued in the sendmail API and the logger could easily be extended to support this. There is no tooltip on this field so it was not intuitive that this restriction applied - however attempts using "," and ";" delimiters both failed. Work-arounds include setting up multiple loggers, or using a distribution list. However there are times when this would still be handy - especially when d-lists are not easily modified or the requirement is only temproary.
Added ability to have logs emailed to multiple addresses. Will be included in the next release.
With the release of Ryan Newington's latest Lithnet miis-powershell module it occurred to me that it may be possible in some scenarios (e.g. full imports vs. delta imports) to leverage the progress bar idea for the Event Broker console.
To be investigated during UI rewrite.
The native AD MA for the FIM Sync service has long had an optional configuration section for preferred DCs, so that administrators can nominate an ordered list of preferred DCs to connect to for imports/exports. When this is used with Event Broker, especially in forests where there are delays in AD replication between DCs, the result can be that Event Broker detects a change before it is replicated to the DC from which FIM is connecting. This generally results in a missed change.
A feature to configure the AD agent exactly in line with that in the corresponding AD MA is suggested here.
V3.2.0 Rev 1
I was doing a test with this and it doesn't appear to be the case. If not, this might be a good idea to implement as it can lead to some confusion.
We are seeing evidence at a client site that operations that should be blocked by an exclusion group are being run at the same time. For client privacy reasons, will provide screenshots via private comment describing the group and showing the clash.
We've done an analysis of the UNIFYNow (Version 3.2.0) schedule and don't see other operation lists that could be triggering the runs we're seeing in MIM but we can make the config file available on request.
This operation list is a member of this group. If there are no priority members, it will block all other members from executing while it is running. If there are prioritymembers, the operation list will not block other members of the group while it is running.
In UNIFYNow, I had an operation which invoked an existing MIM Run Profile. In MIM, I renamed that Run Profile. Back in UNIFYNow, the old Run Profile name remained and the new name did not appear. I tried Refresh MA on the MIM Sync agent, no luck. I tried restarting UNIFYNow followed by another Refresh MA on the MIM Sync agent, no luck. I ran iisreset on the server running UNIFYNow Web, no luck.
The Operation Lists which invoked the renamed MIM Run Profile is now failing, with the following error in the logs:
Please note that the Run Profile GUID is unchanged - the only thing I did was change the name of the Run Profile in MIM.
How can I get UNIFYNow to acknowledge and use the changed Run Profile name?
Please upgrade to the latest version of UNIFYNow, v4.0.4. There were some issues surrounding MA update tracking that were resolved in that release.
I have two Operation Lists configured as shown:
Operation List "Incoming":
- Run Profile operation (a delta import)
- Calls Operation List "Sync"
Operation List "Sync":
- Run Profile operation (a delta sync)
Operation List "Sync" is in an exclusion group with various other operation lists that perform Sync run profiles.
When one of the other Sync operation lists are running and Operation List "Incoming" is run, the first operation (Run Profile operation (a delta import)) completes, but since Operation List "Sync" is in an exclusion group, it does not run (which is as expected).
However, I have configured Operation List "Sync" with the "Queue on Blocked" flag, so I'm expecting that it should run soon after the other Sync operation list completes. However, it does not appear to do so in a timely manner, if at all (I only waited a few minutes).
The desired outcome here is that I can avoid having to put all my "Incoming" operation lists in an exclusion group. I only want to exclude parallel sync operations - it's fine if delta import operations run in parallel.
Can you please advise how I can get the desired outcome to work?
Customer support service by UserEcho