Comments on: ILM2 RC0 Part 2 – Migrating configuration from ILM 2007 http://www.wapshere.com/missmiis/ilm2-rc0-part-2-migrating-configuration-from-ilm-2007 Adventures in identity management Tue, 07 Feb 2012 08:24:49 +0000 hourly 1 http://wordpress.org/?v=3.3.1 By: Carol http://www.wapshere.com/missmiis/ilm2-rc0-part-2-migrating-configuration-from-ilm-2007/comment-page-1#comment-108 Carol Fri, 05 Jun 2009 08:33:53 +0000 http://www.wapshere.com/missmiis/?p=289#comment-108 Thanks for posting this Bob - this looks like it may trip many people! Thanks for posting this Bob – this looks like it may trip many people!

]]> By: bob.bradley@unifysolutions.net http://www.wapshere.com/missmiis/ilm2-rc0-part-2-migrating-configuration-from-ilm-2007/comment-page-1#comment-107 bob.bradley@unifysolutions.net Fri, 05 Jun 2009 06:30:28 +0000 http://www.wapshere.com/missmiis/?p=289#comment-107 Carol - I've managed to solve my problem, and I expect there will be a lot more folks running into this one ... The MIIS SP2 metaverse schema turned out to already have an attribute with the name objectSID, and when the ILM2 MA tries to update the metaverse schema with its own "objectSid" (lower case id) it throws the above (slightly misleading) error message. What lead me to discover this was the BAIL error text which pointed to a "Join: Invalid mv object type mv-object-type for element", which according to the MSDN doco (http://msdn.microsoft.com/en-us/library/ms698391(VS.85).aspx) indicated a schema mismatch. I discovered the problem when I attempted to manually import the MV schema from a clean ILM2 image and got an error pointing to the existing (legacy) objectSID attribute. There will be a lot of sites which use ILM/MIIS to populate ADLDS/ADAM instances with userProxyFull objects, as is the case here, which necessitates adding the objectSid to the metaverse. If the ILM implementor happens to spell the attribute name in any way other than "objectSid" (i.e. matching case) it will fail with this error. Carol – I’ve managed to solve my problem, and I expect there will be a lot more folks running into this one …
The MIIS SP2 metaverse schema turned out to already have an attribute with the name objectSID, and when the ILM2 MA tries to update the metaverse schema with its own “objectSid” (lower case id) it throws the above (slightly misleading) error message. What lead me to discover this was the BAIL error text which pointed to a “Join: Invalid mv object type mv-object-type for element”, which according to the MSDN doco (http://msdn.microsoft.com/en-us/library/ms698391(VS.85).aspx) indicated a schema mismatch. I discovered the problem when I attempted to manually import the MV schema from a clean ILM2 image and got an error pointing to the existing (legacy) objectSID attribute.
There will be a lot of sites which use ILM/MIIS to populate ADLDS/ADAM instances with userProxyFull objects, as is the case here, which necessitates adding the objectSid to the metaverse. If the ILM implementor happens to spell the attribute name in any way other than “objectSid” (i.e. matching case) it will fail with this error.

]]> By: bob.bradley@unifysolutions.net http://www.wapshere.com/missmiis/ilm2-rc0-part-2-migrating-configuration-from-ilm-2007/comment-page-1#comment-106 bob.bradley@unifysolutions.net Thu, 04 Jun 2009 08:09:55 +0000 http://www.wapshere.com/missmiis/?p=289#comment-106 Carol I'm also at a site and getting the same error - but there are no "Any" join rules in this case. However there are 2 instances of the OpenLDAP xMA on this server where the xMA itself has not been installed (and hence the Properties tab for this MA is greyed out). I expect that as soon as I install the xMA it will allow me to create the ILM2 MA ... Carol
I’m also at a site and getting the same error – but there are no “Any” join rules in this case. However there are 2 instances of the OpenLDAP xMA on this server where the xMA itself has not been installed (and hence the Properties tab for this MA is greyed out). I expect that as soon as I install the xMA it will allow me to create the ILM2 MA …

]]> By: Carol http://www.wapshere.com/missmiis/ilm2-rc0-part-2-migrating-configuration-from-ilm-2007/comment-page-1#comment-78 Carol Tue, 20 Jan 2009 07:39:39 +0000 http://www.wapshere.com/missmiis/?p=289#comment-78 An update on that postscript - I posted this to Microsoft Connect, and what an excellent service! I got a response back within hours. It turns out that RC0 does not support join rules to "Any", but that this has been corrected in the final release version. Apparently this was covered in the release notes ... I tried to read 'em, honest... An update on that postscript – I posted this to Microsoft Connect, and what an excellent service! I got a response back within hours. It turns out that RC0 does not support join rules to “Any”, but that this has been corrected in the final release version.

Apparently this was covered in the release notes … I tried to read ‘em, honest…

]]>