Forefront Identity Manager Synchronization Service (FIM Synchronization Service) creates and distributes an integrated view of all the connected directories through a synchronization process of inbound synchronization and outbound synchronization. As part of the synchronization process, you can configure your synchronization rules to use rules extensions to ensure that the integrated view contains the necessary attribute values and that these values are unique.

Creating and Checking Attribute Values

When identity information is sent to FIM Synchronization Service from a connected data source, the synchronization process uses the rules that are configured in the Synchronization Service Manager to either create a new connector space object or use an existing one. As part of the synchronization process, you can determine whether the connector space object contains the necessary attribute values as a processing requirement by implementing the FilterForDisconnection method.

If you perform data transformations or other operations beyond those provided by attribute flow mapping in the Synchronization Service Manager when you are setting attribute values on metaverse entries, implement the MapAttributesForImport method to create new attribute values or check for necessary attributes on the connector space entry. If necessary, you can use the FindMVEntries method to search for existing attribute values to ensure that your new attribute value is unique.

The following topics show you how to create and check attribute values by using rules extensions:

Creating a Unique Naming Attribute

Every connected data source uses a naming attribute for entries, objects, or identities. For example, in Lightweight Directory Access Protocol (LDAP)-based connected directories, the distinguished name is used as the naming attribute. To ensure that the entries, objects, or identities are uniquely identified, each distinguished name must be unique. These naming attributes are constructed based on the integrated view in the metaverse. You can use a rules extension to create a value for the naming attribute and check that the value is unique.

To create a naming attribute, implement the Provision method for metaverse objects that have changed, or implement the Deprovision method when a metaverse object is deleted.

To ensure that the naming attribute is unique, the synchronization rules will throw the ObjectAlreadyExistsException exception if the naming attribute value already exists. Handle this exception by creating a new value for the naming attribute (retry until the operation succeeds).
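The retry described above, as an added example that is not from the original page: a Provision implementation that appends a numeric suffix to the name and tries again when ObjectAlreadyExistsException is thrown, with a bounded number of attempts so a persistent collision cannot loop indefinitely. The management agent name, container, "user" object type, source attribute `cn`, suffix format, and attempt limit are all assumptions.

```csharp
using System;
using Microsoft.MetadirectoryServices;

// Added example. MaName, Container, MaxAttempts and the suffix format are assumed values.
public class MVExtensionObject : IMVSynchronization
{
    private const string MaName = "Example AD MA";                 // assumed management agent name
    private const string Container = "OU=Users,DC=example,DC=com"; // assumed target container
    private const int MaxAttempts = 20;                            // upper bound on retries

    public void Initialize() { }
    public void Terminate() { }

    // Metaverse deletion policy is outside the scope of this example.
    public bool ShouldDeleteFromMV(CSEntry csentry, MVEntry mventry) { return false; }

    public void Provision(MVEntry mventry)
    {
        ConnectedMA ma = mventry.ConnectedMAs[MaName];

        // Provision only when no connector exists yet and the source attribute is present.
        if (ma.Connectors.Count != 0 || !mventry["cn"].IsPresent)
            return;

        string baseName = mventry["cn"].Value;
        for (int attempt = 0; attempt < MaxAttempts; attempt++)
        {
            // First attempt uses the plain name; later attempts add " (n)".
            string candidate = attempt == 0 ? baseName : baseName + " (" + attempt + ")";

            // Build the DN through EscapeDNComponent rather than raw string
            // concatenation, so the attribute value stays a single RDN component.
            ReferenceValue dn = ma.EscapeDNComponent("CN=" + candidate).Concat(Container);
            try
            {
                CSEntry csentry = ma.Connectors.StartNewConnector("user");
                csentry.DN = dn;
                csentry.CommitNewConnector();
                return; // the naming attribute value was unique
            }
            catch (ObjectAlreadyExistsException)
            {
                // The DN is already in use: fall through and try the next candidate.
            }
        }
        throw new UnexpectedDataException(
            "No unique DN found for '" + baseName + "' after " + MaxAttempts + " attempts.");
    }
}
```

Failing with an exception once the limit is reached surfaces the collision in the run results instead of leaving the synchronization run stuck.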

The following topics show you how to create unique naming attributes using rules extensions:

Distinguished Name Considerations

Make sure that you change the attributes of an object before you construct a distinguished name. If you change a component of the distinguished name, the corresponding object attribute remains the same unless you manually change the attribute value.

Improving Performance

To improve the performance of your rules extension, use the specified case for attribute and class names. If you use the specified case for attribute and class names, your rules extension does not have to determine the correct name from the schema and then obtain the name from the object model again.
