Windows Server 2008 R2 - Recycle Bin feature is an irreversible action.

Active Directory Recycle Bin provides a very quick way to recover Active Directory objects that have been deleted without needing to reboot a domain controller, perform authoritative restore operations, and wait for replication. Once enabled, any object can be quickly restored using a simple PowerShell command

Error - NoSuchManagementAgentException Error

There are a few gaps in TechNet and it can be confusing switching from one article to other, so I have collate it here in my Blog...Hope it will make sense.

In My lab I have use the Notepad as my HRdatabase,to project the user in metaverse and finally provisioning in FIM portal. 

Create the data file.
Copy the records from the following data and then paste them into a new Notepad file

EmployeeID:1
FirstName:Anirban
LastName:Singha
UserID:ansi
EmployeeType:Full Time Employee

EmployeeID:2
FirstName:Anil
LastName:Panem
UserID:Anilkp
EmployeeType:Full Time Employee

Save the Notepad file on your local drive as C:\HRData.txt


For creation of Notepad MA,FIM MA and Inbound Sync Rule please refer to - http://technet.microsoft.com/en-us/library/ee534902(WS.10).aspx

Challenges – when I run the Sync of FIM MA and Notepad MA receiveing the below error.

Use the PowerShell to enable provisioning you can do this by running the script, Using Windows PowerShell to Enable Provisioning (http://go.microsoft.com/fwlink/?LinkId=189660).

Make sure your Notepad MA have precedence over the FIM MA.  

Overview -

Groups not provisioning in Active Directory.

 

I have seen user coming back and say I have created group and my group is still not working L and it relay feels pain to go back and say you have to delete the group and re create the group.

FIM 2010 and R2 never checks the existing display name of the group, it goes fine with the alias.so what cause the group falling with the same display name ?

I have done some TS into it and find the group fails to provision in AD and if you do the metaverse search of the group you will find group with already existing display name.

Now again I am coming back to my question? Why the group are failing.

Each object in AD has a GUID assigned to it, but since the GUIDs are hard to remember, we generally use DNs

Every object in AD have a specific location and stored uniquely in AD and store the data as CN=DisplayName,OU=XXXXX,DC=COM.

If group with the same display name created it conflict with the already existing DN in AD and Synchronization Rule in FIM not allow the groups to get provision in AD. J

Precedence of MA.

I had run the FIM MA Export, the attribute had not flow correctly in FIM Portal.

After investigate I found that the FIM MA precedence was High then HR MA.

The attribute has to flow from the HR to FIM, so in this case the precedence of HR should be higher than FIM MA.After set the precedence of HR MA higher than FIM MA the object successfully provision from HR application to FIM portal.

Error “Does not have a parent object in Management agent.”

Error “Does not have a parent object in Management agent.”

 

When I run the Delta Sycs for FIM  MA, I started getting the error Sync-rule-flow-provsioning-failed. After viewing the stack information I notice the object does not have a parent object in management agent.

After way too long, I realized I needed to Run an import with the AD MA first before trying to provision group  with the declarative provisioning from the portal. If you forget to do this you will get the error Object "CN=XXX,OU=XXXX,DC=XXXX,DC=XXXX" does not have a parent object in management agent "AD MA".

Having Run an Import with AD MA  followed by FIM Delta Import,Delta Sync and AD MA Export, the object provision sucessfully in  the external source.

Portal Configuration displaying name.

Click Administration and then Click Portal Configuration.
Click Extended Attribute Tab, In the Branding Center <give the display name>
Click Ok and submit.
At the start->Run Menu ->type IISReset and then press ENTER.

Select Attribute in MA in SSM corresponds to Destination source in FIM.

While configuring the synchronization in FIM portal, few attribute was missing from the Destination source in FIM. After TS into the MA in the Synchronization service manager, I have miss to select the attribute for the destination Source. Once I have selected the right attribute in the MA, the attribute shown in the Destination source in FIM.

The snapshot is below for the new babe to FIM like me.