Identity Broker Forum

Welcome to the community forum for Identity Broker.

Browse the knowledge base, ask questions directly to the product group, or leverage the community to get answers. Leave ideas for new features and vote for the features or bug fixes you want most.

0
Under review

Updating the Microsoft Office Enterprise agent from Azure Graph API to MS Graph API

The documentation for the Microsoft Office Enterprise agent refers to the Azure Graph API.  Given that API is deprecated and will be turned off in 2022, are there plans to upgrade it to use the MS Graph API?

Image 5866

Image 5867

0
Not a bug

MIM full import returns changes missed from recent delta imports

Bob Bradley 7 years ago in UNIFYBroker/Microsoft Office Enterprise updated by anonymous 6 years ago 24

Over the last couple of weeks troubleshooting a separate issue, the customer has been reporting that some users hadn't been assigned licenses. In some cases this was due to accounts in error, but in others it has turned out to be that the delta imports from the corresponding IdentityBroker adapter (run on change detection by Event Broker) have not included changes that they should have. Such changes are only surfaced to MIM after a MIM MA full import (delta sync) is subsequently run.

To mitigate this problem, a twice-daily full import/delta sync operation across both IdB adapters is being performed. Over the last 4 days since this has been in place, a number of changes continue to be surfaced in the full import some 10 minutes after the last delta import. The latest of these FI runs which returned 5 changes was run at 7:07 am on Saturday 3rd December - at a time when there should be no business activity happening in any geographic region for QBE.

Investigations into SQL queries such as the following identified identities where a MODIFY change entry was present without a corresponding INSERT:

SELECT *  FROM [Unify.IdentityBroker50].[dbo].[ChangeLog]
WHERE TargetDistinguishedName = 'CN=bob,OU=container,DC=IdentityBroker' 

Filing this against the O365 connector because it happened to be for the related adapter - but it is likely this is a generic problem unrelated to a specific connector (i.e. am seeing FI steps return records consistently for both AD and AAD-based adapters)

Re-opened issue QBE-51 previously raised for this issue.

Answer
anonymous 6 years ago

No Adam, not that I am aware of.  However the Broker/event logs are still full of as yet unexplained exceptions of varying levels, and it remains to be seen if any of these are related in some way.  Nothing will improve here until we get onto the latest Broker platform with our client, and that's got nothing to do with technology at all.

0
Won't fix

Office Connector Import fails with System.Net.WebException: The operation has timed out

Bob Bradley 7 years ago in UNIFYBroker/Microsoft Office Enterprise updated by Curtis Lusmore 6 years ago 33

QBE reported this week that they are continuing to have long periods (several hours) where licenses are not being assigned, and are having to manually restart the IdB service multiple times during the day (the service is already being restarted each night at 4 am). The timeout error continues to be reported in the logs

See JIRA ticket QBE-59 for more details.

0
Not a bug

Identity Broker 5.1 Graph API error

Andrew Silcock 7 years ago in UNIFYBroker/Microsoft Office Enterprise updated 7 years ago 2

Getting the following error on a polling import on a Azure Graph API, the DLL exists however the version is 5.7.0.62414 rather than the 5.6.4.0 expected by IDB. Tried a binding redirect however that didn't correct the issue. This is occurring in IDB 5.1 with version 5.1 of the connector installed.

Change detection engine import changes failed.
Change detection engine import changes for connector Azure Graph API Users Connector failed with reason One or more errors occurred.. Duration: 00:04:47.8347097
Error details:
System.AggregateException: One or more errors occurred. ---> System.AggregateException: One or more errors occurred. ---> System.IO.FileLoadException: Could not load file or assembly 'Microsoft.Data.Services.Client, Version=5.7.0.62414, Culture=neutral, PublicKeyToken=31bf3856ad364e35' or one of its dependencies. The located assembly's manifest definition does not match the assembly reference. (Exception from HRESULT: 0x80131040) ---> System.IO.FileLoadException: Could not load file or assembly 'Microsoft.Data.Services.Client, Version=5.6.4.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35' or one of its dependencies. The located assembly's manifest definition does not match the assembly reference. (Exception from HRESULT: 0x80131040)
--- End of inner exception stack trace ---
at Microsoft.Azure.ActiveDirectory.GraphClient.ActiveDirectoryClient..ctor(Uri serviceRoot, Func`1 accessTokenGetter, IEnumerable`1 customTypeMappings)
at Unify.Product.IdentityBroker.AzureADGraphAgent.GetDirectoryDataService()
at Unify.Product.IdentityBroker.AzureADGraphAgent.<UsersGet>d__16.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
at Unify.Product.IdentityBroker.AzureADUserConnector.<GetEntitiesAsync>d__19.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
at Unify.Product.IdentityBroker.ConnectorToIdPollingAsyncConnectorBridge.<GetEntitiesAsync>d__10.MoveNext()
--- End of inner exception stack trace ---
at System.Threading.Tasks.Task`1.GetResultCore(Boolean waitCompletionNotification)
at Unify.Framework.Auditing.AuditingExtensions.<>c__DisplayClass5_0`1.<CreateAndSendLogEntryAsync>b__0(Task`1 t)
at System.Threading.Tasks.ContinuationResultTaskFromResultTask`2.InnerInvoke()
at System.Threading.Tasks.Task.Execute()
--- End of stack trace from previous location where exception was thrown ---
at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
at Unify.Product.IdentityBroker.EventNotifierSelectiveReadingAsyncConnectorDecoratorBase`1.<GetEntitiesAsync>d__2.MoveNext()
--- End of inner exception stack trace ---
at System.Threading.Tasks.Task`1.GetResultCore(Boolean waitCompletionNotification)
at Unify.Product.IdentityBroker.ChangeDetectionIdPollAsyncJob.RunBase()
at Unify.Framework.DefinedScopeJobAuditTrailJobDecorator.Run()
at Unify.Product.IdentityBroker.ConnectorJobExecutor.<>c__DisplayClass30_0.<Run>b__0()
at Unify.Framework.AsynchronousJobExecutor.PerformJobCallback(Object state)
---> (Inner Exception #0) System.AggregateException: One or more errors occurred. ---> System.IO.FileLoadException: Could not load file or assembly 'Microsoft.Data.Services.Client, Version=5.7.0.62414, Culture=neutral, PublicKeyToken=31bf3856ad364e35' or one of its dependencies. The located assembly's manifest definition does not match the assembly reference. (Exception from HRESULT: 0x80131040) ---> System.IO.FileLoadException: Could not load file or assembly 'Microsoft.Data.Services.Client, Version=5.6.4.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35' or one of its dependencies. The located assembly's manifest definition does not match the assembly reference. (Exception from HRESULT: 0x80131040)
--- End of inner exception stack trace ---
at Microsoft.Azure.ActiveDirectory.GraphClient.ActiveDirectoryClient..ctor(Uri serviceRoot, Func`1 accessTokenGetter, IEnumerable`1 customTypeMappings)
at Unify.Product.IdentityBroker.AzureADGraphAgent.GetDirectoryDataService()
at Unify.Product.IdentityBroker.AzureADGraphAgent.<UsersGet>d__16.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
at Unify.Product.IdentityBroker.AzureADUserConnector.<GetEntitiesAsync>d__19.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
at Unify.Product.IdentityBroker.ConnectorToIdPollingAsyncConnectorBridge.<GetEntitiesAsync>d__10.MoveNext()
--- End of inner exception stack trace ---
at System.Threading.Tasks.Task`1.GetResultCore(Boolean waitCompletionNotification)
at Unify.Framework.Auditing.AuditingExtensions.<>c__DisplayClass5_0`1.<CreateAndSendLogEntryAsync>b__0(Task`1 t)
at System.Threading.Tasks.ContinuationResultTaskFromResultTask`2.InnerInvoke()
at System.Threading.Tasks.Task.Execute()
--- End of stack trace from previous location where exception was thrown ---
at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
at Unify.Product.IdentityBroker.EventNotifierSelectiveReadingAsyncConnectorDecoratorBase`1.<GetEntitiesAsync>d__2.MoveNext()
---> (Inner Exception #0) System.IO.FileLoadException: Could not load file or assembly 'Microsoft.Data.Services.Client, Version=5.7.0.62414, Culture=neutral, PublicKeyToken=31bf3856ad364e35' or one of its dependencies. The located assembly's manifest definition does not match the assembly reference. (Exception from HRESULT: 0x80131040)
File name: 'Microsoft.Data.Services.Client, Version=5.7.0.62414, Culture=neutral, PublicKeyToken=31bf3856ad364e35' ---> System.IO.FileLoadException: Could not load file or assembly 'Microsoft.Data.Services.Client, Version=5.6.4.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35' or one of its dependencies. The located assembly's manifest definition does not match the assembly reference. (Exception from HRESULT: 0x80131040)
File name: 'Microsoft.Data.Services.Client, Version=5.6.4.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35'

WRN: Assembly binding logging is turned OFF.
To enable assembly bind failure logging, set the registry value [HKLM\Software\Microsoft\Fusion!EnableLog] (DWORD) to 1.
Note: There is some performance penalty associated with assembly bind failure logging.
To turn this feature off, remove the registry value [HKLM\Software\Microsoft\Fusion!EnableLog].

at Microsoft.Azure.ActiveDirectory.GraphClient.ActiveDirectoryClient..ctor(Uri serviceRoot, Func`1 accessTokenGetter, IEnumerable`1 customTypeMappings)
at Unify.Product.IdentityBroker.AzureADGraphAgent.GetDirectoryDataService()
at Unify.Product.IdentityBroker.AzureADGraphAgent.<UsersGet>d__16.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
at Unify.Product.IdentityBroker.AzureADUserConnector.<GetEntitiesAsync>d__19.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
at Unify.Product.IdentityBroker.ConnectorToIdPollingAsyncConnectorBridge.<GetEntitiesAsync>d__10.MoveNext()

<---
<---

Answer
anonymous 7 years ago

Get the binding redirects from here. Unfortunately Microsoft still haven't made clear what their timelines are for fixing the mess of two sets of their API, which is what I was hoping to get an answer on before I committed to one way of doing it.

0
Completed

Identity Broker for Microsoft Office365 to support CONTACT objects too

Bob Bradley 8 years ago in UNIFYBroker/Microsoft Office Enterprise updated by anonymous 6 years ago 17

The v5.0 release supports provision/sync of only users and groups. I am not clear about the use case(s) as to where Broker would be used in lieu of AADConnect (or DirSync before it) or the WAAD connector in FIM - but without support for contacts such an interchange could not be considered for most enterprises.

Answer
anonymous 6 years ago

Currently not possible due to the current version not supporting adds:

{"odata.error":{"code":"Request_BadRequest","message":{"lang":"en","value":"Data contract version does not allow 'Create' operations against instances of resource 'Contact'."},"values":null}}

The code is now available to do this new connector (as long as the functionality is added to Graph), so as soon as it's possible it won't take long to release.