No objects are exported when you run the export run profile for an Active Directory global address list management agent (818572)


The information in this article applies to:

  • Microsoft Identity Integration Server 2003 Enterprise Edition
  • Microsoft Identity Integration Feature Pack for Microsoft Windows Server Active Directory

SYMPTOMS

When you run export run profiles for Active Directory global address list (GAL) management agents to synchronize the global address lists in those forests, the operation displays a successful status. However, no objects are exported to the Microsoft Active Directory directory service. This issue occurs after you run import run profiles for the management agents to import objects from two or more Active Directory forests to the Microsoft Identity Integration Server 2003 metaverse.

CAUSE

This issue occurs if you do not enable a provisioning rules extension before you synchronize objects into the metaverse. If the provisioning rules extension is not enabled, the objects are not provisioned. The objects are only created in the metaverse. Therefore, when you run the export run profile for the management agent or the management agents, no objects are exported to the connected directory.

RESOLUTION

To resolve this issue, after you perform an import run profile for a management agent, you must configure the provisioning rules extension, and then you must run an export run profile for that management agent. To do this, follow these steps:
  1. Click Start, point to All Programs, point to Microsoft Identity Integration Server, and then click Identity Manager.
  2. On the Tools menu, click Configure Extensions.
  3. Click to select the Enable Provisioning Rules Extension check box, and then click OK.
  4. Run a full synchronization run profile on each Active Directory global address list (GAL) management agent.
    1. Click the management agent where you want to run the full synchronization run profile.
    2. On the Actions menu, click Run.
    3. In the Run profiles list, click Full Synchronization, and then click OK.
  5. Run the export run profile on each Active Directory global address list (GAL) management agent. To do so:
    1. Click the management agent where you want to run the export run profile.
    2. On the Actions menu, click Run.
    3. In the Run profiles list, click Export, and then click OK.

MORE INFORMATION

If you enable provisioning for an Active Directory global address list (GAL) management agent before you perform the first Full Import run profile for that management agent, you receive an error result when you run the Full Import run profile. This issue occurs because no structure yet exists in the other management agent's connector space for provisioning to write to. Because of this, you must run the Full Import (Stage Only) step type in the run profile for that management agent to bring in the structure before you synchronize the data. You can then run synchronization with provisioning enabled. By default, provisioning verification is not enabled so that this scenario can be avoided.

REFERENCES

For additional information about how to configure the Active Directory global address list management agent, see the MIIS_2003_GAL_synchronization_Step_by_step.doc document in the MIIS Walkthroughs\GALSynchronization folder on the Identity Integration Server 2003 CD.
Modification Type:MajorLast Reviewed:12/31/2003
Keywords:kbprb KB818572 kbAudITPRO
©2003 Microsoft Corporation. All rights reserved.