So, below are some of the lines of code you'll need to add to your Metaverse rules extension project. The entire file is included below, but I wanted to call attention to the pieces of code you'll need to add to an existing project.
References and Imports
The only
Imports line you'll need to add to your existing project (if it is not their already) is to add the reference to Regular Expressions.Imports System.Text.RegularExpressionsNext, you will want to have six variables assigned. Whether or not you are doing this through an XML configuration file or hardcoded, you will need the following six variables assigned:
Public Shared strSyncToMA, strSyncFromMA, strProdConfigDN, strDevConfigDN, strProdDomainDN, strDevDomainDN As String
strSyncToMA = "SyncDevAD" ' The name of the ADMA we're syncing To
strSyncFromMA = "SyncProdAD" ' The name of the ADMA we're synching From
strProdConfigDN = "CN=Configuration,DC=fabrikam,DC=com"
strProdDomainDN = "DC=fabrikam,DC=com"
strDevConfigDN = "CN=Configuration,DC=fabrikam,DC=test"
strDevDomainDN = "DC=fabrikam,DC=test"The next thing you will want is to call our function from the Provision sub:
Dim strObjectType As String = mventry.ObjectType.ToString
SyncProdToDEV(mventry, strObjectType)Now we need to provide the functions themselves, but since they are too large to post here I will include the link to the file instead:
ADMA Exports
The ADMA exports are pretty straightforward - they are exported from fabrikam.com and fabrikam.test forests so you'll need to replace the credentials and partitition names with your own during the import process. However, before you proceed with importing these files, make sure you have imported the MVSchema.xml file first or the imports will fail.
- SyncDevAD.xml - ADMA Export for the development forest
- SyncProdAD.xml - ADMA Export for the production forest
So that's it! I hope you find some use for this and by all means tinker and expand!
9 comments:
I hope you still read comments on this post, despite it being months since you posted. The info you have provided here is excellent, and is part of what I needed. Do you have an idiot's guide or a backup of your MIIS system and the MIIS folders including Extensions, MAs, and Source Code? I'd really appreciate if you could email it to me at pcusub@gmail.com.
Thanks
PCU,
All of the files you need are contained in the three postings. Providing a compiled MVExtension would provide little to know value since it would not integrate with anything you already have in place.
The MVExtension.vb sample that is provided has all of the code samples you'd need to integrate into your own extension, or you should be able to use it as a start if you don't have one of your own.
The MVSchema.xml file provides the schema necessary for the two MA XML imports to function, between these files you have all of the MA and source code necessary for the solution.
One note of Errata, I just updated the MVExtension.vb to fix an error with provisioning of contact objects.
Brad,
I've successfully used your solution to provision one source domain to one target domain. I would now like to provision from the rest of the source forest to the target forest (multiple children and two trees). Pls advise how I can do this, MVExtension.vb seems to only have a single source DN to target DN mapping.
Could you also explain whether matching of destination DN to the destination directory partition is automatic (as the CS will have DNs from the whole forest), or if we specifiy the mapping somewhere.
Thanks,
Is there any other way of downloading the solution files?
The links dont seem to work any more!
Sorry, I'm having difficulty with my provider MediaMax for some reason. I'm making arrangements to move the file hosting elsewhere but in the meantime you can email me at bturner@ensynch.com and I'll send you the files.
Hi Brad
First of all thanks for going to the effort of making this available to the community. It's great stuff!
I've been playing with the solution in a lab environment and have got it to work. There are two areas where I am having problems though.
The first is with Contact objects. I just can't get it to do the outbound synchronization. I've tried messing with putting logging into the MV extension, but haven't managed to resolve it yet. You mention in your blog that you put in a fix for Contact objects and I'm thinking (hoping) the available download vb file is pre-fix???
The second issue is password sync. It would be nice to have and I've tried implementing PCNS with the solution. MIIS imports the password update ok, but doesn't push it through to the target during the Sync. Not sure if the whole password thing is just wishful thinking on my part or whether it should work?
Tony
If I recall correctly, the only issue with the contact was to take out the line setting the samAccountName on the contact (contacts don't get one).
I've noticed that the whole approach works less optimally than before. My suspicion is that the PG finally made good on all of those promises to "not process objects in any order". Previously, if you did an import from ADMA and a sync MIIS would process the objects in the order they were presented with the proper dependencies; however lately it seems to generate a ton of dependency errors and requires several runs to get everything through.
As for password replication, this should work as well - there is a ton of great posts on troubleshooting PCNS and the MA configs to get password replication setup. The caveat here is that passwords do not magically replicate on their own, they are replicate only when the password changes and is captured through PCNS.
Thanks Brad
Yeah, I had already found the sAMAccountName line and had taken it out. That left me with targetAddress, which I also couldn't use because my source forest doesn't have Exchange, so I am working with a smaller set of attributes. I changed it to cn, but have had no luck with it. I also had to hack at the MA to remove references to other Exchange-related attributes.
Yeah(2), I hit the dependency issues, but as you say, they disappear after a few syncs.
I will keep going with PCNS. I can see the password update coming into the MA, but it doesn't get pushed through from there.
Tony
Hi Brad
Good to see you at the summit - and thanks for your session.
Just to follow up on this. I found the issue with provisioning contacts. It turns out that "dn" was missing from the import attribute flow for contact objects. This causes the MV extension to bail at the following point:
If mventry("dn").IsPresent = False Then
After manually adding "dn" to the import attribute flow in the MA properties provisioning contacts started to work.
I managed to resolve my PCNS issue too (PEBKAC).
Thanks again for making the information publicly available - really good stuff.
Tony
Post a Comment