Can you trace the BHOLD Access Management Connector

Today I found myself playing with the BHOLD Access Management Connector for FIM 2010 R2. My earlier implementations have been without this connector so I haven't had much time to work with it.

I did, however, have some trouble getting my exports to go to BHOLD. I had followed the guide and done my provisioning properly (using my provisioning framework). Even so, I kept getting 'cd-error' errors on my exports. There was no information about the error to be found anywhere, so I decided to put on my gloves and accept the challenge.

I eventually found the problem by adding a new diagnostics listener for the BHOLD connector to miiserver.exe.config to be able to gather diagnostics from this Management Agent. I couldn't find any information on how to do this anywhere (probably just me), but after some serious peeking and poking around, I managed to construct a new source that worked -

<source name="Microsoft.AccessManagement.BHOLDConnector" switchValue="Verbose">
    <listeners>
     <remove name='Default' />
     <add name="BHOLDAMCEventLogListener" type="System.Diagnostics.TextWriterTraceListener"  initializeData="c:\temp\BHOLD.log" />
    </listeners>
   </source>

After adding this to the <sources> section under <system.diagnostics> and restarting the FIMSynchronizationService, I started getting traces in the BHOLD.LOG file in my C:\Temp folder.

This tracelog led me on track as the log showed a SQL exception for an user INSERT statement. Turned out that I didn't have an export flow to the bholdDescription attribute for the users I was pushing to BHOLD; and the bholdDescription is apparently mandatory for users (can't find any documentation to support this, though).

Behold, success! Once an export flow for displayName ==> bholdDescription was added, all my users adds went through smoothly.