After you install Forefront Identity Manager Synchronization Service (FIM Synchronization Service), one of the first steps to do after you project identity information from the different data sources into the FIM Synchronization Service database (metaverse) is to create and export new objects into other connected data sources. This process is known as provisioning. You implement provisioning by creating a rules extension that implements the Provision method. When the method is called, it gets passed the metaverse object as an MVEntry object.

We recommend that you follow these steps when you implement the provisioning logic:

Determine the State of the Object

Provision the objects in the connector space by first investigating attribute values to determine the current state of the MVEntry object as passed to the method. If the MVEntry object meets a certain condition by matching expected attribute values, you can apply the appropriate provisioning logic to the CSEntry object. MVEntry objects that do not meet a certain condition stay in the same state without having to add additional logic into the provisioning code.

Start Creating a New Connector or Use the Existing Connector

After you determine the state of the metaverse object, you can create a new connector or use an existing connector, depending on the value of the Count property. If this value is zero, start creating a new connector using the StartNewConnector method. If the property is 1, use the existing connector. Throw an UnexpectedDataException exception if the property value is greater than 1, and if this is an unexpected value.

To start creating the connector, use the StartNewConnector method. When you call this method, use the object type that was selected in the management agent as the parameter. To determine the object type that was selected, go to Select Object Types in the management agent properties.

To use the existing connector, use the ByIndex property or the ByDN property.

The following examples show how you can obtain the number of connectors and then create a new connector, use an existing connector, or throw an exception, depending upon the number of connectors.

Visual Basic  Copy Code
' Get the number of connectors for this MVEntry object under
' this management agent.
Dim ManagementAgent As ConnectedMA
Dim Connectors As Integer
Dim csentry As CSEntry
Dim DN As ReferenceValue

Connectors = ManagementAgent.Connectors.Count
DN = ManagementAgent.EscapeDNComponent(System.Guid.NewGuid().ToString)

If 0 = Connectors Then

	' Create the new connector.
	CSEntry = ManagementAgent.Connectors.StartNewConnector("person")

	' Assign the distinguished name
	CSEntry.DN = DN

	' Finish creating the new connector.

ElseIf 1 = Connectors Then
	' Assign the distinguished name using the existing connector.
	CSEntry = ManagementAgent.Connectors.ByIndex(0)
	CSEntry.DN = DN

	Dim ExceptionMessage As String
	ExceptionMessage = "Multiple Connectors on Management Agent"
	Throw New UnexpectedDataException(ExceptionMessage)

End If
C#  Copy Code
// Get the number of connectors for this MVEntry object under
// this management agent.
int Connectors;
ReferenceValue DN;

Connectors = ManagementAgent.Connectors.Count;
DN = ManagementAgent.EscapeDNComponent(System.Guid.NewGuid().ToString());

if(0 == Connectors)
	// Create the new connector.
	csentry = ManagementAgent.Connectors.StartNewConnector("person");

	// Assign the distinguished name.
	csentry.DN = DN;

	// Finish creating the new connector.

else if(1 == Connectors)
	// Assign the distinguished name using the existing connector.
	csentry = ManagementAgent.Connectors.ByIndex[0];
	csentry.DN = DN;

	string ExceptionMessage;
	ExceptionMessage = "Multiple Connectors on Management Agent";
	throw new UnexpectedDataException(ExceptionMessage);

Set the Appropriate Distinguished Name or Attribute Values

To create a new valid connector, you must set additional information on the new CSEntry object. The information that you set depends on the connected data source:

  • Lightweight Directory Access Protocol (LDAP)-based connected data sources. These connected data sources require a distinguished name (DN) for each object. Some examples of LDAP-based data sources are those data sources that use the management agents for Active Directory Domain Services (AD DS), Sun ONE Directory Server 4.1x and 5.x (formerly iPlanet Directory Server), Netscape Directory Server 4.1 and 6.01, Microsoft Exchange Server 5.5, LDAP Data Interchange Format (LDIF), and Directory Service Markup Language Services for Windows (DSML). For these data sources, construct a distinguished name with either the EscapeDNComponent method or the CreateDN method. Use the CSEntry object that is returned by one of these methods to set the DN property. Finish the connector creation process by using the CommitNewConnector method. For a code example that shows how to provision objects in the connector space for LDAP-based connected directories, see How to: Provision LDAP-Based Connected Data Sources.

    Use uppercase letters when you specify naming attributes for an Active Directory DN such as OU, CN, and DC: for example, OU=marklee, OU=users, DC=fabrikam, DC=com. Using lowercase naming attributes may slow down the export of the management agent's data to AD DS.
  • Connected data sources that expect the anchor attributes to be provided by FIM Synchronization Service. These connected data sources use the attribute that is specified in Set anchor of Configure special attributes in the management agent properties for the primary key. The anchor attribute can be a calculated value based on a single or multiple attributes. These data sources require that you set the specified anchor attribute values on the new connector object. For a code example that demonstrates how to provision these objects, see How to: Provision Connected Data Sources That Expect FIM Synchronization Service to Provide the Anchor Attributes.

  • Connected data sources that generate the anchor attributes. These connected data sources typically generate a primary key value from an auto-incremented identity column. For these types of data sources, you set the DN property to a temporary value and then add the new connector. When the new connector object is exported, the connected data source provides the permanent anchor. For a code example that shows you how to provision objects from data sources that provide the primary key, see How to: Provision Connected Data Sources That Generate Anchor Attributes.

  • Other Connected Data Sources. These connected data sources require specified property values before you add the connector to the connector collection. For a code example that shows you how to provision these objects, see the following code examples:

Finish Creating the New Connector or Disconnect or Rename the Existing Connector

After you set the appropriate attribute values, you can do one of the following:

Handle Any Exceptions

During the provisioning process, an exception might be thrown by the operating system, the Microsoft .NET Framework, or the rules extension. Decide if the exceptions should stop or continue the provisioning process. For more information, see How to: Catch Exceptions.

See Also


Using Rules Extensions

Other Resources