Identity Broker Forum
IdB for FIM 5 - the extension could not be loaded
I have installed FIM adapter 5.0.4.0 (I see a more recent version in the doco but that is the latest under subscribers). When trying to create the MA for IDB5, I can browse for the FIMAdapter.dll, but when I refresh interfaces I get the error "The extension could not be loaded".
I have looked at http://voice.unifysolutions.net/topics/428-creating-idb-5-ecma2-receive-error-could-not-load-file-or-assembly-microsoftmetadirectoryservicesex/
And tried modifying the new version listed for both mmsscript and miisserver config files, but the error persists.
Any idea what else to try?
Never mind - I found the little note in the doco that tells me what hotfix I need.
Log directory
Getting myself confused by the logging in IdB5. With no log writer configured, my logs end up under c:\program files\Unify solutions\identity broker\services\logs and I cannot see anywhere to set a different directory. If I configure the standard CSV logger I can specify a directory, but all this gives me is the same files being created in two places. Is there a way to point the default log directory to somewhere other than under program files?
Hi Eddie,
There is currently no way to configure the logging directory of the UNIFY Core Log Writer. I've made an item on the Team Services backlog to look at having this configurable. As a workaround, you could possibly replace the Logs directory with a symbolic link to your desired directory.
IdB and High Availability
Since IdB is now presenting data to FIM via LDAP, is there any technical reason why two IdB servers could not be load balanced behind an F5 or similar? Customer currently has FIM and IdB4 on a server and a second (warm standby) with the same. If IdB5 were on separate servers (one active and the other warm standby) and if the FIM MA were pointing to a name that resolved to a VIP, then I assume that as long as the VIP could work out which IdB server had the service running that would work. Do we know if anyone has done/tried this, or do we generally recommend keeping FIM and IdB co-located on the same server?
Ah - we have a semantic issue - my definition of a cold standby is when the spare server is not running. My definition of a warm standby is where the server is running but the FIM and IdB services are stopped. Full on both running, which as you say would require separate databases and could cause all sorts of pain, I would call hot standby.
At one of our customers they wrapped the service in a small program that checked the other server and had some smarts built in to stop the service running on both. For my current engagement I think I will recommend their current design with FIM and IdB co-located and the services disabled on the standby server. Thanks.
IDB5 service will not start
On a test server that was running IdB4, I uninstalled IdB 4 and have run through the install of IdB5. Selected a new database (unify.identitybroker5) and the install reported that it had completed successfully.
Tried to start the service; it started then stopped. Checked event viewer - error that the service had no rights to read its extensibility config files. I have added the IdB service account as full control of that directory, but the error persists.
If I look at the effective rights at the individual file level, the svc account has no rights because of file permissions. Has anyone seen that before? I tried removing (renaming) the extensibility directory and re-ran the installer and selected repair - but it ends prematurely and rolls back, without displaying anything useful on the screen. Do I have to go and explicitly grant my svc account rights to each file?
It looks like the previous version was installed under a different account (not a service account). I copied all the files, deleted the originals and renamed the -copy versions back to the original names and it all worked fine.
IsOperative not updated on date change
IDB 5.0, Aurion Connector 5.0.
I have an Adapter that links to the primary "Aurion Person" connector, and joins to data from an "Aurion Employee" connector, and a CSV connector bringing in custom Org Unit names.
I have used a number of IsOperative transformations to set "Passed" and "NotPassed" flag values relating to various dates: DateCommenced, ContractExpiryDate, DateTerminated.
For a test user - on initially importing their details the DateCommencedStatus was correctly "NotPassed". However 5 days after the date it was still "NotPassed" - it had not toggled to "Passed". When I ran a Generate Changes manually in the Adapter it then went to Passed.
The Aurion Connectors are only running Full Imports and run multiple times a day. I assume the IsOperative transformation did not get re-evaluated because the source data did not change - the only thing that has changed is @NOW.
I need a workaround for this - is there a way I can force Generate Changes to run on a schedule or through the IdB web services?
Placeholder Connector Migration container
When a placeholder connector is created, an import is done to import the container object into FIM such that it can subsequently provision objects back out to the placeholder connector.
When doing an Identity Broker migration between environments by way of config migration, there was a bug where FIM would report, when trying to run the import to get the container object, that there were in fact no objects to import.
Did a bit of digging, ended up changing the Container Name in the placeholder connector in IDB to something different, saving connector, and then changing it back - and then running the import into FIM. Upon doing this, the container successfully imported.
It seems like it stores something in the database as an entity for the container (logically) and when you migrate, this does not get copied across (logically). However a rename triggers this entity to be created and thus picked up by FIM when the import is run.
Thanks for raising this Matthew. Luckily it's known and a fix has already been prepared and is just waiting for the v5.1 release.
Thanks.
LDAP timeout
I am seeing a repeated error about LDAP timeouts when trying to read in changes from an IDB5 adapter. The error is:
Handling of LDAP change log request from user IdBAPPProxy on connection 127.0.0.1:57970 failed with error "This operation returned because the timeout period expired. (Exception from HRESULT: 0x800705B4)". Duration: 00:14:59.9992614.
That looks suspiciously like a 15 min timeout is set somewhere, but I simply cannot find where it is set.
Any advice would be appreciated.
IdB5 partitions not working correctly
I have 2 OUs stemming from the main IdB partition as follows:
DC=Identity Broker
-- OU=AurionUsers,DC=Identity Broker
-- OU=FutureUsers,DC=Identity Broker
If I target my Full Import Run Profile at the top of the tree (DC=Identity Broker), I expect to retrieve all objects in sub OUs, but I retrieve nothing. MIM reports completed-no-objects.
This seems like a bug to me. This is a problem, as it means that I need to have 2 MAs when 1 should suffice.
Hi Matt,
On further investigation this appears to be because the agent is being asked at the start of the run profile explicitly to exclude the two sub-containers, even if you explicitly configure it to include them with the "Containers ..." configuration on the "Configure Partitions and Hierarchies" page. This appears to be a bug with how FIM/MIM relays the configuration to the agent (note: I've been testing against FIM2010R2 but you appear to be experiencing the same behaviour).
Is there any functionality that you need that you can't achieve by targeting the two containers as individual partitions, and creating multi-step run profiles to operate on each partition?
What format is IdB 5 expecting when trying to match a certificate by thumbprint?
Trying to select a cert by thumbprint. A few options below:
1) 05:0A:A7:C3:5F:85:F0:A8:5B:14:1D:B6:7F:67:8C:60:4F:2D:DE:D3
2) 05 0a a7 c3 5f 85 f0 a8 5b 14 1d b6 7f 67 8c 60 4f 2d de d3
3) 050aa7c35f85f0a85b141db67f678c604f2dded3
What format do I need to use?
Hi Matthew,
The value that comes out of the certificate browser, so number 2. Just be aware that if copied straight out there will be a non-printable character that needs to be removed (don't recall if it's preceding or trailing).
Thanks.
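As an added example (not code from this thread or from UNIFY), a small helper that takes a thumbprint pasted in any of the three formats above, drops the hidden non-printable character the certificate browser can include, and emits the space-separated form the answer recommends. The U+200E left-to-right mark used in the test input is an assumption about which invisible character appears; the check removes any non-ASCII or non-printable character, so it does not depend on that.

```python
import re

HEX_DIGITS = set("0123456789abcdef")


def has_hidden_chars(raw: str) -> bool:
    """True if the pasted value contains characters that would break
    thumbprint matching (anything non-ASCII or non-printable)."""
    return any(not (ch.isascii() and ch.isprintable()) for ch in raw)


def normalize_thumbprint(raw: str) -> str:
    """Return a thumbprint as lowercase hex pairs separated by single spaces,
    i.e. the form shown by the certificate browser (option 2 above).

    Accepts colon-separated, space-separated or bare hex input. Non-ASCII and
    non-printable characters (such as the invisible mark the certificate MMC
    is known to prepend when a thumbprint is copied) are discarded before
    parsing. Raises ValueError if what remains is not a SHA-1 (40 hex digits)
    or SHA-256 (64 hex digits) thumbprint.
    """
    cleaned = "".join(ch for ch in raw if ch.isascii() and ch.isprintable())
    hexdigits = re.sub(r"[\s:\-]", "", cleaned).lower()
    if len(hexdigits) not in (40, 64) or not set(hexdigits) <= HEX_DIGITS:
        raise ValueError(f"not a certificate thumbprint: {raw!r}")
    return " ".join(hexdigits[i:i + 2] for i in range(0, len(hexdigits), 2))


if __name__ == "__main__":
    # Constructed input: the thread's sample thumbprint, as it would look
    # when copied from the certificate browser with a leading U+200E mark.
    pasted = "\u200e05 0a a7 c3 5f 85 f0 a8 5b 14 1d b6 7f 67 8c 60 4f 2d de d3"
    print("hidden characters present:", has_hidden_chars(pasted))
    print("normalized:", normalize_thumbprint(pasted))
```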
Invalid column name for DB Connector when the column name has a hyphen
I have configured an IdB 5.0.4 DB connector for a SQL table. It is complaining about a column with a "-" in the name:
"Invalid column name 'NUWorkflow'. Invalid column name 'GUID'."
In fact the column name is 'NUWorkflow-GUID' which has been successfully identified by the schema retrieval.
My mistake! I also used the column name in the WHERE clauses and didn't put square brackets around it. Thanks for testing!