Identity Broker Forum

Welcome to the community forum for Identity Broker.

Browse the knowledge base, ask questions directly to the product group, or leverage the community to get answers. Leave ideas for new features and vote for the features or bug fixes you want most.

0
Planned

Outgoing Provisioning tasks run even when Outgoing Provisioning is disabled

Adrian Corston 5 years ago in UNIFYBroker/Plus updated by Matthew Davis (Technical Product Manager) 2 years ago 1

In Broker/Plus, outgoing provisioning tasks are run even when the outgoing provisioning flag is disabled.

That task can be used for out of band provisioning operations.  Since the configuration flag only turns off object provisioning via the target adapter (and not any out-of-band provisioning activities that the task performs) the flag isn't as useful as it could be and the flag operates in a manner that may be contrary to user expectations.

Image 5246

0
Not a bug

Broker/AD fails to create new user objects with error "UnwillingToPerform ... Message: 0000052D: SvcErr: DSID-031A1254, problem 5003 (WILL_NOT_PERFORM)"

Adrian Corston 5 years ago in UNIFYBroker/Plus updated by Matthew Davis (Technical Product Manager) 4 years ago 1

Image 5244

I will attach the Extensibility files.  This used to work, but some configuration change has caused it to stop working now.  Reverting is not an option as there have been many changes and this project is under time constraints to deliver ASAP.

Answer

Was confirmed to be an issue with the outgoing entity data.

0
Answered

Configuration help populating manager attribute in AD in UNIFYAssure for Aurion

Adrian Corston 5 years ago in UNIFYBroker/Plus updated by Matthew Davis (Technical Product Manager) 4 years ago 9

In my Broker/Plus environment (based on UNIFYAssure for Aurion) I am trying to synchronise the manager attribute to AD but seeing the following error:

Image 5227

My configuration has an Aurion connector/adapter -> Link -> Locker -> Link -> AD connector/adapter in a standard setup.

The Manager attribute in the Aurion adapter is calculated via a DN join:

Image 5230

Image 5228

Image 5229

Here's an example, looks correct.

Image 5233

Image 5234

I synchronise the Manager attribute from the Aurion Adapter to the Locker:

Image 5231

Image 5232

It looks correct in the Locker:

Image 5235

Image 5236

Image 5237

Image 5238

Then from the Locker to the AD Adapter:

Image 5239

Here's the AD Adapter configuration:

Image 5240

Image 5241

When I attempt a Baseline Synchronisation on the AD Link this is what I see, and the error above appears in the log file:

Image 5242

Can you please tell me what I need to do to get the synchronisation of the manager attribute to work correctly from the Locker to the AD Adapter?

Answer

You can construct the appropriate DN in PowerShell, either as a transformation on the Aurion adapter or as a synchronization task.
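An added example of the PowerShell approach suggested in the answer above (this is not code from the original thread or from UNIFY's product). It builds the manager DN from the manager's common name and a container DN, escaping the CN as RFC 4514 requires so that a name containing a comma, plus sign, quote, backslash or leading/trailing space cannot produce a malformed DN or one that resolves to a different object. The variables $joinedEntities and the field names "ManagerName" and "manager" follow the task conventions seen on this page and are assumptions; the container DN is constructed.

```powershell
# Added example (not from the original post or from UNIFY's product code).
# Constructs the manager DN expected by the AD adapter, with RFC 4514 escaping
# of the CN so unusual names cannot corrupt or redirect the DN.
# $joinedEntities, "ManagerName" and "manager" are assumed Broker task names.

function ConvertTo-EscapedDnValue {
    param([Parameter(Mandatory)][string]$Value)

    # Backslash-escape the characters RFC 4514 reserves anywhere in a value
    $escaped = $Value -replace '([\\,+"<>;])', '\$1'
    # NUL is written as \00
    $escaped = $escaped -replace "`0", '\00'
    # A leading space or '#' and a trailing space must be escaped as well
    if ($escaped.StartsWith(' ') -or $escaped.StartsWith('#')) {
        $escaped = '\' + $escaped
    }
    if ($escaped.EndsWith(' ')) {
        $escaped = $escaped.Substring(0, $escaped.Length - 1) + '\ '
    }
    return $escaped
}

function New-ManagerDn {
    param(
        [Parameter(Mandatory)][AllowNull()][AllowEmptyString()][string]$ManagerCn,
        [Parameter(Mandatory)][string]$ContainerDn
    )
    # An empty manager name must not become "CN=,OU=..." (an invalid DN that AD
    # rejects); return $null so the caller leaves the attribute unset instead
    if ([string]::IsNullOrWhiteSpace($ManagerCn)) { return $null }
    return ('CN={0},{1}' -f (ConvertTo-EscapedDnValue -Value $ManagerCn), $ContainerDn)
}

# Constructed sample call: a surname-first display name containing a comma
New-ManagerDn -ManagerCn 'Smith, John' -ContainerDn 'OU=Staff,DC=example,DC=com'

# Usage in the shape of a Broker synchronisation task (assumed variable names)
foreach ($joinedEntity in $joinedEntities) {
    $managerName = $joinedEntity.SourceEntity["ManagerName"].Value
    $dn = New-ManagerDn -ManagerCn $managerName -ContainerDn 'OU=Staff,DC=example,DC=com'
    if ($null -ne $dn) { $joinedEntity.TargetEntity["manager"] = $dn }
}
```

With the sample input the CN becomes `CN=Smith\, John,OU=Staff,DC=example,DC=com`; without the escaping the comma would split the RDN and AD would reject the value. A DN built this way is only correct if the manager object really lives in that container under that CN, so it is worth comparing the result against the DNs the AD adapter already holds before the first baseline synchronisation.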

0
Planned

Provide more information in the log file for Provisioning Task failures

Adrian Corston 5 years ago in UNIFYBroker/Plus updated by Matthew Davis (Technical Product Manager) 1 year ago 6

When a provisioning task fails in a Broker Plus Link due to a PowerShell error, the information written doesn't indicate which provisioning task failed, which line the error occurred on, or which entity was being processed.

Image 5226

It would be extremely helpful for debugging to know which provisioning task is the source of the error and which line is executing when the error occurs.

It would also be helpful to know which entity is being processed, but given that the PowerShell script loops over objects internally this information is not automatically available to the calling engine.  In order to help with this I suggest adding a function which allows the PowerShell script to (optionally) indicate when it starts and finishes processing an entity, in order to allow Broker to include that information in the log entry.

i.e.

foreach ($joinedEntity in $joinedEntities)
{
    # Tell Broker which entity we're working on
    $personNumber = $joinedEntity.SourceEntity["PersonNumber"].Value
    $username = $joinedEntity.SourceEntity["sAMUsername"].Value
    $logger.setIdentifier("Person $personNumber ($username)")

    # Process the entity
    $isTerminated = $joinedEntity.SourceEntity["Terminated"].Value
    $joinedEntity.TargetEntity["isTerminated"] = $isTerminated -eq "True"

    # Tell Broker we're finished processing the entity
    $logger.resetIdentifier()
}
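
An added example (not from the original post or from UNIFY's product code) of what a task script can do today to close the gap described in this request: each entity's work runs inside try/catch, and on failure the error is rethrown with the task name, the entity identifier, the failing script line (taken from the ErrorRecord) and the script stack trace attached, so the link still fails but the log entry says where. $joinedEntities and the field names follow the snippet above and are assumptions; $taskName is a hand-set label because Broker does not expose the task name to the script.

```powershell
# Added example (not from the original post or from UNIFY's product code).
# Adds task, entity and line context to provisioning task failures from inside
# the script. $joinedEntities and the field names are assumed Broker names;
# $taskName is a hypothetical label.

$taskName = 'Set isTerminated'   # hypothetical: Broker does not expose the task name

function Set-TerminatedFlag {
    param([Parameter(Mandatory)]$JoinedEntity)
    $isTerminated = $JoinedEntity.SourceEntity["Terminated"].Value
    $JoinedEntity.TargetEntity["isTerminated"] = ($isTerminated -eq "True")
}

function Invoke-WithEntityContext {
    param(
        [Parameter(Mandatory)][string]$TaskName,
        [Parameter(Mandatory)][string]$EntityLabel,
        [Parameter(Mandatory)][scriptblock]$Action,
        [Parameter(Mandatory)]$Entity
    )
    try {
        & $Action $Entity
    }
    catch {
        # $_ is the ErrorRecord; its InvocationInfo points at the statement that failed
        $record = $_
        $message = "[{0}] entity {1} failed at script line {2}: {3}`n{4}" -f `
            $TaskName, $EntityLabel, $record.InvocationInfo.ScriptLineNumber,
            $record.Exception.Message, $record.ScriptStackTrace
        # Wrap rather than swallow: the link must still fail, but with a useful message
        throw (New-Object System.InvalidOperationException($message, $record.Exception))
    }
}

foreach ($joinedEntity in $joinedEntities) {
    $personNumber = $joinedEntity.SourceEntity["PersonNumber"].Value
    $username     = $joinedEntity.SourceEntity["sAMUsername"].Value
    Invoke-WithEntityContext -TaskName $taskName -Entity $joinedEntity `
        -EntityLabel "Person $personNumber ($username)" `
        -Action { param($e) Set-TerminatedFlag -JoinedEntity $e }
}
```

The wrapping exception carries the original as its InnerException, so nothing is lost from the stack trace Broker already writes; the only change is that the outer message now names the task, the person and the line, which is exactly the information the request above asks Broker to record itself.
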
0
Answered

How do I set sAMAccountName from Broker/Plus when provisioning, but then flow it back in from AD thereafter?

I need to set a user's account name when provisioning via Broker/Plus, but then flow that value back in from AD subsequently (so the value is picked up when joining to an existing AD account, and so that if the username can be changed in AD it will be automatically updated in Broker).

Can you please confirm whether or not the approach below will work, and advise if there is a better way to do it?

1. Set the Link mapping on the AD->Locker to Bidirectional for the AD username field
2. Set a value for the attribute in the Outgoing Pre-Provisioning Task

Answer

Hi Adrian

Your approach is correct; however, you won't need to set the username field as bidirectional on the AD->Locker link. Values set by the pre-provisioning task aren't affected by the mapping rules, so Adapter to Locker is fine.

On CheckFieldUniqueness, yes that function is available in outgoing pre-provisioning tasks.
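An added example (not from the original thread or from UNIFY's product code) of the pre-provisioning step discussed above: derive a candidate sAMAccountName, strip the characters AD rejects, keep it within the 20-character limit, and append a numeric suffix until a uniqueness check passes. The check is injected as a scriptblock so that inside an Outgoing Pre-Provisioning Task it can wrap CheckFieldUniqueness, whose exact signature this page does not show; here a constructed list of existing names stands in for it.

```powershell
# Added example (not from the original post or from UNIFY's product code).
# Generates a unique, AD-legal sAMAccountName for provisioning. The uniqueness
# check is supplied by the caller; the sample below uses a constructed list.

function New-SamAccountName {
    param(
        [Parameter(Mandatory)][string]$GivenName,
        [Parameter(Mandatory)][string]$Surname,
        [Parameter(Mandatory)][scriptblock]$IsUnique,   # given a candidate, returns $true if unused
        [int]$MaxLength = 20,                            # AD's limit for a user's sAMAccountName
        [int]$MaxAttempts = 999
    )
    # Drop whitespace, control characters and the characters AD rejects: " / \ [ ] : ; | = , + * ? < >
    $base = ('{0}.{1}' -f $GivenName, $Surname).ToLowerInvariant() `
        -replace '[\s"/\\\[\]:;|=,+*?<>\x00-\x1f]', ''
    if ($base.Length -gt $MaxLength) { $base = $base.Substring(0, $MaxLength) }
    $base = $base.TrimEnd('.')      # a trailing period is not allowed either
    if ($base.Length -eq 0) { throw "Cannot derive a sAMAccountName from '$GivenName' '$Surname'" }

    if (& $IsUnique $base) { return $base }
    for ($i = 2; $i -le $MaxAttempts; $i++) {
        $suffix = [string]$i
        # Shorten the stem so that stem + suffix still fits within the limit
        $stem = $base.Substring(0, [Math]::Min($base.Length, $MaxLength - $suffix.Length))
        $candidate = $stem + $suffix
        if (& $IsUnique $candidate) { return $candidate }
    }
    throw "No unique sAMAccountName derived from '$base' after $MaxAttempts attempts"
}

# Constructed sample of names already in the directory, standing in for Broker's check
$existingNames = @('john.smith', 'john.smith2')
$candidate = New-SamAccountName -GivenName 'John' -Surname 'Smith' `
    -IsUnique { param($c) $c -notin $existingNames }
$candidate

# In an Outgoing Pre-Provisioning Task the scriptblock would call CheckFieldUniqueness
# instead of consulting $existingNames, and the result would be assigned to the
# target entity's username field.
```

With the constructed list the function returns john.smith3, the first candidate not already taken. Because the answer above confirms that values set by the pre-provisioning task bypass the mapping rules, the name written here is not overwritten by the normal Adapter-to-Locker flow, and after provisioning the same field can flow back in from AD as the question intends.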

0
Planned

Broker/Plus Locker entity search Origin Info information is not clear or sufficient

Adrian Corston 5 years ago in UNIFYBroker/Plus updated by Matthew Davis (Technical Product Manager) 1 year ago 3

I am a new Broker/Plus user and want to see where a Locker is getting its field values from, so I clicked on the Entity Id and then on Origin Info.  This is the screen I see:

Image 5203

This doesn't tell me which Adapter contributed the current value for the sAMUsername field.  I tried searching the Extensibility files for the Entity Id and Partition Id, but neither told me which Adapter the field value came from.

Could you please add the name of the Adapter that contributed the field value somewhere on this popup?

Also, it's not clear what the Type information here means.  What does it mean that my 'sAMUsername' field is of type 'PlugIn'?

0
Under review

Difference Report on Pending Changes for Full Sync

Oscar Ferne 6 years ago in UNIFYBroker/Plus updated by Matthew Davis (Technical Product Manager) 2 years ago 2

As part of an upgrade activity on an MA, we were required to deliver a difference report on the data as it would appear pre vs post synchronisation of the upgrade MA. This was done to better understand and review what attributes would be updated when a full sync of the upgraded MA would occur in PROD.

We were able to achieve this deliverable by exporting two CSVs of the data pre & post synchronisation, and doing a data comparison in a third-party app. This could be simplified if Identity Broker Plus could generate a difference report for full syncs to ensure that the MA update is producing clean data.

This report could vary in detail, but as a first pass being able to see a count of the new and updated identities and attributes would be preferable.

0
Declined

Baseline sync error: Execution Timeout Expired

Huu Tran 6 years ago in UNIFYBroker/Plus updated by Matthew Davis (Technical Product Manager) 6 years ago 6

Keep getting the below error for the link's baseline outgoing sync to AD. I have tried to restart the IdB service but no improvement. I don't have DB Admin rights as it is a PROD env and a shared SQL cluster. I just wonder what I can do to troubleshoot it?

Synchronization job failed syncing 40800 changes on the 'AD Link' link from the locker to adapter with the reason Execution Timeout Expired.  The timeout period elapsed prior to completion of the operation or the server is not responding.. Job ID: e6165705-b8bf-4e86-953e-c1394ae692c8 Duration: 00:16:54.3542205
Error details:
System.Data.SqlClient.SqlException (0x80131904): Execution Timeout Expired.  The timeout period elapsed prior to completion of the operation or the server is not responding. ---> System.ComponentModel.Win32Exception (0x80004005): The wait operation timed out
   at System.Data.SqlClient.SqlConnection.OnError(SqlException exception, Boolean breakConnection, Action`1 wrapCloseInAction)
   at System.Data.SqlClient.TdsParser.ThrowExceptionAndWarning(TdsParserStateObject stateObj, Boolean callerHasConnectionLock, Boolean asyncClose)
   at System.Data.SqlClient.TdsParser.TryRun(RunBehavior runBehavior, SqlCommand cmdHandler, SqlDataReader dataStream, BulkCopySimpleResultSet bulkCopyHandler, TdsParserStateObject stateObj, Boolean& dataReady)
   at System.Data.SqlClient.SqlDataReader.TrySetMetaData(_SqlMetaDataSet metaData, Boolean moreInfo)
   at System.Data.SqlClient.TdsParser.TryRun(RunBehavior runBehavior, SqlCommand cmdHandler, SqlDataReader dataStream, BulkCopySimpleResultSet bulkCopyHandler, TdsParserStateObject stateObj, Boolean& dataReady)
   at System.Data.SqlClient.SqlDataReader.TryConsumeMetaData()
   at System.Data.SqlClient.SqlDataReader.get_MetaData()
   at System.Data.SqlClient.SqlCommand.FinishExecuteReader(SqlDataReader ds, RunBehavior runBehavior, String resetOptionsString, Boolean isInternal, Boolean forDescribeParameterEncryption)
   at System.Data.SqlClient.SqlCommand.RunExecuteReaderTds(CommandBehavior cmdBehavior, RunBehavior runBehavior, Boolean returnStream, Boolean async, Int32 timeout, Task& task, Boolean asyncWrite, Boolean inRetry, SqlDataReader ds, Boolean describeParameterEncryptionRequest)
   at System.Data.SqlClient.SqlCommand.RunExecuteReader(CommandBehavior cmdBehavior, RunBehavior runBehavior, Boolean returnStream, String method, TaskCompletionSource`1 completion, Int32 timeout, Task& task, Boolean& usedCache, Boolean asyncWrite, Boolean inRetry)
   at System.Data.SqlClient.SqlCommand.RunExecuteReader(CommandBehavior cmdBehavior, RunBehavior runBehavior, Boolean returnStream, String method)
   at System.Data.SqlClient.SqlCommand.ExecuteReader(CommandBehavior behavior, String method)
   at System.Data.Linq.SqlClient.SqlProvider.Execute(Expression query, QueryInfo queryInfo, IObjectReaderFactory factory, Object[] parentArgs, Object[] userArgs, ICompiledSubQuery[] subQueries, Object lastResult)
   at System.Data.Linq.SqlClient.SqlProvider.ExecuteAll(Expression query, QueryInfo[] queryInfos, IObjectReaderFactory factory, Object[] userArguments, ICompiledSubQuery[] subQueries)
   at System.Data.Linq.SqlClient.SqlProvider.System.Data.Linq.Provider.IProvider.Execute(Expression query)
   at System.Data.Linq.DataQuery`1.System.Collections.Generic.IEnumerable<T>.GetEnumerator()
   at System.Linq.Enumerable.WhereSelectEnumerableIterator`2.MoveNext()
   at System.Linq.Buffer`1..ctor(IEnumerable`1 source)
   at System.Linq.Enumerable.ToArray[TSource](IEnumerable`1 source)
   at Unify.Framework.Data.LinqWhereQuery`5.GetEnumerator()
   at Unify.Framework.QueryableExtensions.<AutoStream>d__2`1.MoveNext()
   at System.Linq.Lookup`2.Create[TSource](IEnumerable`1 source, Func`2 keySelector, Func`2 elementSelector, IEqualityComparer`1 comparer)
   at System.Linq.Enumerable.ToLookup[TSource,TKey,TElement](IEnumerable`1 source, Func`2 keySelector, Func`2 elementSelector)
   at Unify.Framework.QueryableExtensions.StreamToLookup[TKey,TElement](IOrderedQueryable`1 collection, Func`2 keySelector, Int32 pageSize)
   at Unify.Product.Plus.JoinExecutor`2.Execute(IEnumerable`1 sourceEntities, IQueryable`1 targetEntities)
   at Unify.Product.Plus.LinkSynchronizer`2.JoinAndMap(IEnumerable`1 filterResult, IDictionary`2 changesDict)
   at Unify.Product.Plus.Link.SynchronizeLockerChanges(IEnumerable`1 changes)
   at Unify.Framework.Notification.NotifierDecoratorBase.Notify[TResult](ITaskNotificationFactory notificationFactory, Func`1 function)
   at Unify.Product.Plus.LinkAuditingDecorator.SynchronizeLockerChanges(IEnumerable`1 changes)
   at Unify.Product.Plus.LockerToAdapterSynchronizationJob.RunBase()
   at Unify.Product.Plus.SynchronizationJobExecutor.<ThreadAction>d__8.MoveNext()
ClientConnectionId:e4b00f30-9b86-4cae-a54c-a96f2f4dc552
Error Number:-2,State:0,Class:11",Normal
20180904,07:19:04,UNIFY Identity Broker,"Void OnError(System.Data.SqlClient.SqlException, Boolean, System.Action`1[System.Action])",Error,".Net SqlClient Data Provider:
System.Data.SqlClient.SqlException (0x80131904): Execution Timeout Expired.  The timeout period elapsed prior to completion of the operation or the server is not responding. ---> System.ComponentModel.Win32Exception (0x80004005): The wait operation timed out
   at System.Data.SqlClient.SqlConnection.OnError(SqlException exception, Boolean breakConnection, Action`1 wrapCloseInAction)
   at System.Data.SqlClient.TdsParser.ThrowExceptionAndWarning(TdsParserStateObject stateObj, Boolean callerHasConnectionLock, Boolean asyncClose)
Answer
Curtis Lusmore 6 years ago

Queuing a baseline synchronization job requires generating sync changes for all entities on both sides of the link, which again is a SQL-heavy operation. Do you know the hardware specifications of the SQL Server cluster or any of its configuration settings that might impact SQL performance? Do you know of any differences between how it's configured between this environment and the previous environment?

0
Answered

Error updating an AD user

Huu Tran 6 years ago in UNIFYBroker/Plus updated 6 years ago 7

Error:

20180802,13:57:12,UNIFY Identity Broker,EntitySaver,Error,"The entity 603474 (6cd1989f-bfe8-4f1e-adb6-004af8cea53f) for the adapter AD User Adapter (9f73e5e5-30df-4142-b850-db3e31f0a931) failed to update for the following reasons: Received error code InvalidAttributeSyntax for item with dn CN=redacted,DC=au. Message: 00000057: LdapErr: DSID-0C090BD1, comment: Error in attribute conversion operation, data 0, v1772",Normal

It happens to both Add and Update. However, I changed Outgoing Filter to update only one user and AD Link only update 3 fields: company, department, title. The error still happens ...

TestHarness to CSV file works well ...

Answer
Curtis Lusmore 6 years ago

Via screenshare, the issue turned out to be the casing of the msExchHideFromAddressLists field, which was manually added to the connector as a boolean but requires uppercase. Changing it to string resolved the issue.
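An added example (not from the original thread or from UNIFY's product code) of the conversion behind the fix above. AD's Boolean attribute syntax accepts only the literal strings TRUE and FALSE in uppercase, so a connector field typed as a .NET boolean is serialised as "True"/"False" and fails with InvalidAttributeSyntax. Treating the field as a string and converting it explicitly keeps the value well-formed on the way out and parses it strictly on the way back in. The loop over $joinedEntities follows the task conventions on this page and is an assumption.

```powershell
# Added example (not from the original post or from UNIFY's product code).
# Maps between .NET/text booleans and the uppercase TRUE/FALSE that AD's
# Boolean attribute syntax requires. $joinedEntities is an assumed Broker name.

function ConvertTo-LdapBoolean {
    param($Value)
    # switch compares case-insensitively by default, so "True", "true" and $true all match
    switch -Regex ([string]$Value) {
        '^true$'  { return 'TRUE' }
        '^false$' { return 'FALSE' }
        '^1$'     { return 'TRUE' }
        '^0$'     { return 'FALSE' }
        default   { throw "Cannot map '$Value' to an LDAP Boolean (expected TRUE or FALSE)" }
    }
}

function ConvertFrom-LdapBoolean {
    param($Value)
    # Strict on the inbound side: AD itself only ever returns the uppercase forms
    switch -CaseSensitive ([string]$Value) {
        'TRUE'  { return $true }
        'FALSE' { return $false }
        default { throw "'$Value' is not a valid LDAP Boolean value" }
    }
}

# Constructed sample values showing the accepted inputs
ConvertTo-LdapBoolean $true
ConvertTo-LdapBoolean 'false'
ConvertFrom-LdapBoolean 'TRUE'

# Usage in the shape of a Broker task writing msExchHideFromAddressLists as a string field
foreach ($joinedEntity in $joinedEntities) {
    $hide = $joinedEntity.SourceEntity["HideFromAddressList"].Value   # assumed source field
    $joinedEntity.TargetEntity["msExchHideFromAddressLists"] = ConvertTo-LdapBoolean $hide
}
```

Keeping the connector field as a string and converting at the boundary, as the answer above describes, means an unexpected source value such as "yes" is rejected in the task with a clear message rather than surfacing later as an LDAP attribute conversion error on the AD export.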

0
Not a bug

AD Link shows outgoing sync successful but entities weren't provisioned

Huu Tran 6 years ago in UNIFYBroker/Plus updated by Adam van Vliet 6 years ago 21

No error in Log either:

20180121,13:01:26,UNIFY Identity Broker,SyncEngine,Information,"Request to sync locker to adapter completed.
Synchronization job completed syncing 116 changes on the 'AD Link' link from the locker to adapter. Delayed: 0 Incomplete: 0 Denied: 0 Job ID: c5198353-498f-49ab-ad39-3f3ad154b57c Duration: 00:00:10.9188371",Normal
20180121,13:01:26,UNIFY Identity Broker,SyncEngine,Information,"Request to sync adapter to locker started.
Synchronization job started syncing 21057 changes on the 'AD Link' link from the adapter to locker. Job ID: 8ab397a7-93fc-484d-b25f-0f1faaa6e883",Normal
20180121,13:01:32,UNIFY Identity Broker,Change detection engine,Information,"Change detection engine unscheduled started.
Change detection engine unscheduled for connector AD Users started.",Normal

Link shows outgoing sync all good:

Image 4698

AD User Connector shows no entity is saved. AD User Adapter shows no entity is added. Test Mode is disabled.