Channel: Forum Microsoft Identity Manager

Group Memberships not Flowing into Metaverse


Hello,

I'm trying to figure out why the group member attributes in the CS are not flowing into the MV.  Here's what I have:

An HR system running on SQL Server
A staging database that extracts data from the HR system
The staging database has a table representing person objects
The staging database has a table representing person multi-valued attributes (i.e. location, job code, etc.)
The staging database has a table representing group objects
The staging database has a table representing group memberships (multi-valued)

A SQLMA connected to the person and person multi tables
A SQLMA connected to the group and group membership tables

All group memberships are based on job codes and locations.  There is no approval process in place.  If they have this job code, they get certain groups.  That's all calculated in the staging database and the memberships are in the group membership table.

This system does connect to AD (and a few other things), but I'm not concerned with that, right now.

I've read 100 articles on this, most of them over 5 years old, and tried the ones that made sense.  The flow from the database into the CS works well.  No issues there.

But, a search of the metaverse for the group shows an empty member attribute.  The sync process is not throwing any errors.  At least they're not showing up in the sync service app or the event logs.

Where allowed, I'm using rules extensions for everything.  I can't use a rules extension to set the member attribute because it's an rdn.

I'm going to move forward with this by extending the metaverse schema and adding a multi-valued string attribute named "memberOf" to the person object.  Then, I'll modify my existing MA to use that attribute instead of the member attribute.  I'm not sure what kind of issues I'm going to run into when exporting that to AD.  I'll cross that bridge when I come to it.  I don't anticipate that being an issue as the DNs for all these objects will be calculated by the ADMA based on locations, group functions and person types (basically, I don't care about the MV rdn).

Anyway, I'm looking for some real world insight on this.  This whole effort is to migrate off an existing IDM system that works very, very well but is quite expensive to license.

Thanks,

Greg Wilkerson

