Tuesday, November 19, 2013

MARunScheduler is now on CodePlex

I'm happy to announce that the MARunScheduler can now be found on CodePlex.

The MARunScheduler is a plug-in replacement for the old Microsoft's MASequencer which is used to automate the order in which management agents profiles are run. MARunScheduler uses input from an XML file, which contains information about the management agents to be sequenced.

You can read more about the project and get it at https://marunscheduler.codeplex.com/.

Enjoy.

Wednesday, November 13, 2013

Can you trace the BHOLD Access Management Connector

Today I found myself playing with the BHOLD Access Management Connector for FIM 2010 R2. My earlier implementations have been without this connector so I haven't had much time to work with it.

I did, however, have some trouble getting my exports to go to BHOLD. I had followed the guide and done my provisioning properly (using my provisioning framework). Even so, I kept getting 'cd-error' errors on my exports. There was no information about the error to be found anywhere, so I decided to put on my gloves and accept the challenge.

I eventually found the problem by adding a new diagnostics listener for the BHOLD connector to miiserver.exe.config to be able to gather diagnostics from this Management Agent. I couldn't find any information on how to do this anywhere (probably just me), but after some serious peeking and poking around, I managed to construct a new source that worked -

<source name="Microsoft.AccessManagement.BHOLDConnector" switchValue="Verbose">
    <listeners>
     <remove name='Default' />
     <add name="BHOLDAMCEventLogListener" type="System.Diagnostics.TextWriterTraceListener"  initializeData="c:\temp\BHOLD.log" />
    </listeners>
   </source>


After adding this to the <sources> section under <system.diagnostics> and restarting the FIMSynchronizationService, I started getting traces in the BHOLD.LOG file in my C:\Temp folder.

This tracelog led me on track as the log showed a SQL exception for an user INSERT statement. Turned out that I didn't have an export flow to the bholdDescription attribute for the users I was pushing to BHOLD; and the bholdDescription is apparently mandatory for users (can't find any documentation to support this, though).

Behold, success! Once an export flow for displayName ==> bholdDescription was added, all my users adds went through smoothly.