0
Not a bug

IdB5 partitions not working correctly

Matthew Woolnough 3 years ago • updated by anonymous 3 years ago 5

I have 2 OUs stemming from the main IdB partition as follows:


DC=Identity Broker

-- OU=AurionUsers,DC=Identity Broker

-- OU=FutureUsers,DC=Identity Broker


If I target my Full Imort Run Profile at the top of the tree (DC=Identity Broker), I expect to retrieve all objects in sub OUs, but I retrieve nothing. MIM reports completed-no-objects.


This seems like a bug to me. This is a problem, as it means that I need to have 2 MAs when 1 should suffice.

Affected Versions:
Fixed by Version:

Answer

Answer

Hi Matt,


On further investigation this appears to be because the agent is being asked at the start of the run profile explicitly to exclude the two sub-containers, even if you explicitly configure it to include them with the "Containers ..." configuration on the "Configure Partitions and Hierarchies" page. This appears to be a bug with how FIM/MIM relays the configuration to the agent (note: I've been testing against FIM2010R2 but you appear to be experiencing the same behaviour).


Is there any functionality that you need that you can't achieve by targeting the two containers as individual partitions, and creating multi-step run profiles to operate on each partition?

I should add this also means that you can't have Users in one OU referencing objects in the other OU.

ie, users in OU=FutureUsers,DC=Identity Broker cannot have a manager that is in OU=AurionUsers,DC=Identity Broker as they're not in the same Management Agent.

Under review

Hi Matt,


Rather than selecting the top level DC=IdentityBroker you can select the individual partitions OU=AurionUsers,DC=IdentityBroker and OU=FutureUsers,DC=IdentityBroker with a single management agent. That said, it should still be possible to target the root container. I'm investigating now why this isn't working.

Answer

Hi Matt,


On further investigation this appears to be because the agent is being asked at the start of the run profile explicitly to exclude the two sub-containers, even if you explicitly configure it to include them with the "Containers ..." configuration on the "Configure Partitions and Hierarchies" page. This appears to be a bug with how FIM/MIM relays the configuration to the agent (note: I've been testing against FIM2010R2 but you appear to be experiencing the same behaviour).


Is there any functionality that you need that you can't achieve by targeting the two containers as individual partitions, and creating multi-step run profiles to operate on each partition?

I've just attempted to utilize this configuration, and no objects are coming through from the 2nd partition at all. They are visible when I look at the processed entity count, but the import does not bring them into the connector space. I only see the OU upon import.


When I create a new MA for this partition, it works without issue.