Some background information: When ILM directly imports a reference attribute (CS > MV), it tries to maintain the reference by enforcing referential integrity. ILM automatically translates the link between the two objects (user > manager) from the connector space (CS) to the metaverse (MV). The MV object does not have a DN, but an ObjectGUID, so ILM translates the reference from the CS DN to the MV GUID.
A small example:
In MV the reference is translated to:
So you can’t use the CSEntry.DN value to search the metaverse directly. Neither can you search the connector space in extension code: there is no FindMVEntries equivalent for the connector space.
Also, you can’t access an MVEntry reference attribute.
More information:
- How to get reference object in provisioning
- Reference values not accessible on MV objects
This import flow code will fail:
    Public Sub MapAttributesForImport( _
        ByVal FlowRuleName As String, _
        ByVal csentry As CSEntry, _
        ByVal mventry As MVEntry) _
        Implements IMASynchronization.MapAttributesForImport

        Select Case FlowRuleName
            Case "cd.user:manager->mv.user:department"
                'can't search in connector space
                'trying to search metaverse
                'reading the MV reference attribute "manager" is what raises the exception
                If mventry("manager").IsPresent Then
                    Dim findResultList() As MVEntry = _
                        Utils.FindMVEntries("ObjectGUID", mventry("manager").Value.ToString, 1)
                    If findResultList.Length > 0 Then
                        Dim firstMVEntryFound As MVEntry = findResultList(0)
                        mventry("department").Value = firstMVEntryFound("department").Value.ToString
                    End If
                End If
            Case Else
                Throw New EntryPointNotImplementedException()
        End Select
    End Sub
Error message: "System.InvalidOperationException: Unable to access attribute manager. Reference values not accessible on MV objects."
So we need another approach.
We need some (non-referential) link to the manager, to be able to search the MV.
To document this post I was using an AD MA. The only link between the user and manager in AD is still a reference (by DN) and you can’t change that. (There is no other attribute linking them…)
As an example:
But you can store the DN as a string value in an additional attribute like “ADdn” (string).
So: flow the CS <DN> into the MV.
(Or another ‘simple’ attribute if you have one to link to the manager…)
Next, create an import flow rule to import an attribute from a referenced object:
    Public Sub MapAttributesForImport( _
        ByVal FlowRuleName As String, _
        ByVal userCSEntry As CSEntry, _
        ByVal userMVEntry As MVEntry) _
        Implements IMASynchronization.MapAttributesForImport

        Select Case FlowRuleName
            Case "cd.user:manager->mv.user:department"
                'simple sample code block to flow the manager's own department into the MV
                'can be made more complex to flow only when user is manager
                If userCSEntry("department").IsPresent Then
                    userMVEntry("department").Value = userCSEntry("department").Value
                End If

                'code block to flow manager's department in user's department
                If userCSEntry("manager").IsPresent Then
                    'search for the manager by the DN stored as a string in ADdn
                    Dim findManagerResultList() As MVEntry = _
                        Utils.FindMVEntries("ADdn", userCSEntry("manager").Value.ToString, 1)
                    If findManagerResultList.Length > 0 Then
                        'get first entry
                        Dim mvManagerFound As MVEntry = findManagerResultList(0)
                        'if department filled, flow it
                        If mvManagerFound("department").IsPresent Then
                            userMVEntry("department").Value = mvManagerFound("department").Value
                        End If
                    End If
                End If
            Case Else
                Throw New EntryPointNotImplementedException()
        End Select
    End Sub
Look at this example:
First sync the manager to have the department attribute available:
(E.g. Preview > Commit preview, as shown below)
Next sync the user: Preview > Commit preview, as shown below
The user's department has now been filled with the manager’s department.