AD user Target Reconn

Hi Experts,
               Our Oim Version is 11.1.1.5 and AD connector version also 9.1.1.5; Our AD user Target Reconn job runs from 10.00 pM to 7.00PM everyday even though we have just around 2000 employees is this the behavior of the connector ? ;. I am wondering why it is taking such a long time;  I could not find a way to debug this job. Please if you have any tips let me know I will work on it,
Thanks a lot!!!

With 2000 users it really shouldn't take more than max an hour.
One thing to check is if it is the AD server that is slow or OIM. You can either look at the timestamps of the recon events or sniff the network traffic. Less useful than it used to be in back in the LDAP days but can still tell you if there is anything going on.
Instructions: http://iamreflections.blogspot.com/2010/08/how-i-learned-to-stop-worring-and-love.html
Good luck
Martin

Similar Messages

  • Error while running AD User Target Recon

    Hi,
    We are getting the below error while running AD User Target Recon:
    [2012-09-04T10:07:32.262-04:00] [oim_server2] [NOTIFICATION] [] [oracle.iam.features.scheduler.agentry.operations] [tid: [ACTIVE].ExecuteThread: '1' for queue: 'weblogic.kernel.Default (self-tuning)'] [userId: xelsysadm] [ecid: 98fe4d9aa175090d:7101298f:13991840195:-8000-0000000000000235,0] [APP: oim#11.1.2.0.0] ADP ClassLoader failed to load: Script1[[
    java.lang.ClassNotFoundException: ADP ClassLoader failed to load: Script1
    at com.thortech.xl.dataobj.tcADPClassLoader.findClass(tcADPClassLoader.java:229)
    at java.lang.ClassLoader.loadClass(ClassLoader.java:306)
    at java.lang.ClassLoader.loadClass(ClassLoader.java:247)
    at java.lang.Class.forName0(Native Method)
    at java.lang.Class.forName(Class.java:247)
    at oracle.iam.scheduler.vo.ClassLoaderObjectInputStream.resolveClass(ClassLoaderObjectInputStream.java:72)
    at java.io.ObjectInputStream.readNonProxyDesc(ObjectInputStream.java:1574)
    at java.io.ObjectInputStream.readClassDesc(ObjectInputStream.java:1495)
    at java.io.ObjectInputStream.readClass(ObjectInputStream.java:1461)
    at java.io.ObjectInputStream.readObject0(ObjectInputStream.java:1311)
    at java.io.ObjectInputStream.defaultReadFields(ObjectInputStream.java:1946)
    at java.io.ObjectInputStream.readSerialData(ObjectInputStream.java:1870)
    at java.io.ObjectInputStream.readOrdinaryObject(ObjectInputStream.java:1752)
    at java.io.ObjectInputStream.readObject0(ObjectInputStream.java:1328)
    at java.io.ObjectInputStream.defaultReadFields(ObjectInputStream.java:1946)
    at java.io.ObjectInputStream.readSerialData(ObjectInputStream.java:1870)
    at java.io.ObjectInputStream.readOrdinaryObject(ObjectInputStream.java:1752)
    at java.io.ObjectInputStream.readObject0(ObjectInputStream.java:1328)
    at java.io.ObjectInputStream.readObject(ObjectInputStream.java:350)
    at oracle.iam.scheduler.vo.JobHistory.getExceptionObject(JobHistory.java:78)
    at oracle.iam.features.scheduler.agentry.operations.LookupActor.prepare(LookupActor.java:1282)
    at oracle.iam.features.scheduler.agentry.operations.LookupActor.refresh(LookupActor.java:3074)
    at oracle.iam.features.scheduler.agentry.operations.LookupActor.perform(LookupActor.java:2495)
    at oracle.iam.consoles.faces.mvc.canonic.Model.perform(Model.java:579)
    at oracle.iam.consoles.faces.mvc.admin.Model.perform(Model.java:326)
    at oracle.iam.consoles.faces.mvc.canonic.Controller.doPerform(Controller.java:257)
    at oracle.iam.consoles.faces.mvc.canonic.Controller.doSelectAction(Controller.java:179)
    at oracle.iam.consoles.faces.event.NavigationListener.processAction(NavigationListener.java:99)
    at javax.faces.event.ActionEvent.processListener(ActionEvent.java:88)
    at org.apache.myfaces.trinidad.component.UIXComponentBase.broadcast(UIXComponentBase.java:675)
    at org.apache.myfaces.trinidad.component.UIXCommand.broadcast(UIXCommand.java:179)
    at oracle.adf.view.rich.component.fragment.ContextSwitchingComponent$1.run(ContextSwitchingComponent.java:92)
    at oracle.adf.view.rich.component.fragment.ContextSwitchingComponent._processPhase(ContextSwitchingComponent.java:361)
    at oracle.adf.view.rich.component.fragment.ContextSwitchingComponent.broadcast(ContextSwitchingComponent.java:96)
    at oracle.adf.view.rich.component.fragment.UIXInclude.broadcast(UIXInclude.java:102)
    at oracle.adf.view.rich.component.fragment.ContextSwitchingComponent$1.run(ContextSwitchingComponent.java:92)
    at oracle.adf.view.rich.component.fragment.ContextSwitchingComponent._processPhase(ContextSwitchingComponent.java:361)
    at oracle.adf.view.rich.component.fragment.ContextSwitchingComponent.broadcast(ContextSwitchingComponent.java:96)
    at oracle.adf.view.rich.component.fragment.UIXInclude.broadcast(UIXInclude.java:96)
    at javax.faces.component.UIViewRoot.broadcastEvents(UIViewRoot.java:475)
    at javax.faces.component.UIViewRoot.processApplication(UIViewRoot.java:756)
    at oracle.adfinternal.view.faces.lifecycle.LifecycleImpl._invokeApplication(LifecycleImpl.java:889)
    at oracle.adfinternal.view.faces.lifecycle.LifecycleImpl._executePhase(LifecycleImpl.java:379)
    at oracle.adfinternal.view.faces.lifecycle.LifecycleImpl.execute(LifecycleImpl.java:194)
    at javax.faces.webapp.FacesServlet.service(FacesServlet.java:265)
    at weblogic.servlet.internal.StubSecurityHelper$ServletServiceAction.run(StubSecurityHelper.java:227)
    at weblogic.servlet.internal.StubSecurityHelper.invokeServlet(StubSecurityHelper.java:125)
    at weblogic.servlet.internal.ServletStubImpl.execute(ServletStubImpl.java:301)
    at weblogic.servlet.internal.TailFilter.doFilter(TailFilter.java:26)
    at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
    at oracle.adf.model.servlet.ADFBindingFilter.doFilter(ADFBindingFilter.java:205)
    at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
    at oracle.adfinternal.view.faces.webapp.rich.RegistrationFilter.doFilter(RegistrationFilter.java:106)
    at org.apache.myfaces.trinidadinternal.webapp.TrinidadFilterImpl$FilterListChain.doFilter(TrinidadFilterImpl.java:446)
    at oracle.adfinternal.view.faces.activedata.AdsFilter.doFilter(AdsFilter.java:60)
    at org.apache.myfaces.trinidadinternal.webapp.TrinidadFilterImpl$FilterListChain.doFilter(TrinidadFilterImpl.java:446)
    at org.apache.myfaces.trinidadinternal.webapp.TrinidadFilterImpl._doFilterImpl(TrinidadFilterImpl.java:271)
    at org.apache.myfaces.trinidadinternal.webapp.TrinidadFilterImpl.doFilter(TrinidadFilterImpl.java:177)
    at org.apache.myfaces.trinidad.webapp.TrinidadFilter.doFilter(TrinidadFilter.java:92)
    at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
    at oracle.iam.platform.auth.web.OIMAuthContextFilter.doFilter(OIMAuthContextFilter.java:107)
    at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
    at oracle.adf.library.webapp.LibraryFilter.doFilter(LibraryFilter.java:179)
    at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
    at oracle.security.jps.ee.http.JpsAbsFilter$1.run(JpsAbsFilter.java:119)
    at java.security.AccessController.doPrivileged(Native Method)
    at oracle.security.jps.util.JpsSubject.doAsPrivileged(JpsSubject.java:315)
    at oracle.security.jps.ee.util.JpsPlatformUtil.runJaasMode(JpsPlatformUtil.java:442)
    at oracle.security.jps.ee.http.JpsAbsFilter.runJaasMode(JpsAbsFilter.java:103)
    at oracle.security.jps.ee.http.JpsAbsFilter.doFilter(JpsAbsFilter.java:171)
    at oracle.security.jps.ee.http.JpsFilter.doFilter(JpsFilter.java:71)
    at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
    at oracle.dms.servlet.DMSServletFilter.doFilter(DMSServletFilter.java:139)
    at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
    at weblogic.servlet.internal.RequestEventsFilter.doFilter(RequestEventsFilter.java:27)
    at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
    at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.wrapRun(WebAppServletContext.java:3730)
    at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.run(WebAppServletContext.java:3696)
    at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:321)
    at weblogic.security.service.SecurityManager.runAs(SecurityManager.java:120)
    at weblogic.servlet.internal.WebAppServletContext.securedExecute(WebAppServletContext.java:2273)
    at weblogic.servlet.internal.WebAppServletContext.execute(WebAppServletContext.java:2179)
    at weblogic.servlet.internal.ServletRequestImpl.run(ServletRequestImpl.java:1490)
    at weblogic.work.ExecuteThread.execute(ExecuteThread.java:256)
    at weblogic.work.ExecuteThread.run(ExecuteThread.java:221)
    [2012-09-04T10:07:32.314-04:00] [oim_server2] [NOTIFICATION] [] [oracle.iam.features.scheduler.agentry.operations] [tid: [ACTIVE].ExecuteThread: '1' for queue: 'weblogic.kernel.Default (self-tuning)'] [userId: xelsysadm] [ecid: 98fe4d9aa175090d:7101298f:13991840195:-8000-0000000000000235,0] [APP: oim#11.1.2.0.0] [[
    java.lang.NullPointerException
    at java.io.ByteArrayInputStream.<init>(ByteArrayInputStream.java:89)
    at oracle.iam.scheduler.vo.JobHistory.getExceptionObject(JobHistory.java:76)
    at oracle.iam.features.scheduler.agentry.operations.LookupActor.prepare(LookupActor.java:1282)
    at oracle.iam.features.scheduler.agentry.operations.LookupActor.refresh(LookupActor.java:3074)
    at oracle.iam.features.scheduler.agentry.operations.LookupActor.perform(LookupActor.java:2495)
    at oracle.iam.consoles.faces.mvc.canonic.Model.perform(Model.java:579)
    at oracle.iam.consoles.faces.mvc.admin.Model.perform(Model.java:326)
    at oracle.iam.consoles.faces.mvc.canonic.Controller.doPerform(Controller.java:257)
    at oracle.iam.consoles.faces.mvc.canonic.Controller.doSelectAction(Controller.java:179)
    at oracle.iam.consoles.faces.event.NavigationListener.processAction(NavigationListener.java:99)
    at javax.faces.event.ActionEvent.processListener(ActionEvent.java:88)
    at org.apache.myfaces.trinidad.component.UIXComponentBase.broadcast(UIXComponentBase.java:675)
    at org.apache.myfaces.trinidad.component.UIXCommand.broadcast(UIXCommand.java:179)
    at oracle.adf.view.rich.component.fragment.ContextSwitchingComponent$1.run(ContextSwitchingComponent.java:92)
    at oracle.adf.view.rich.component.fragment.ContextSwitchingComponent._processPhase(ContextSwitchingComponent.java:361)
    at oracle.adf.view.rich.component.fragment.ContextSwitchingComponent.broadcast(ContextSwitchingComponent.java:96)
    at oracle.adf.view.rich.component.fragment.UIXInclude.broadcast(UIXInclude.java:102)
    at oracle.adf.view.rich.component.fragment.ContextSwitchingComponent$1.run(ContextSwitchingComponent.java:92)
    at oracle.adf.view.rich.component.fragment.ContextSwitchingComponent._processPhase(ContextSwitchingComponent.java:361)
    at oracle.adf.view.rich.component.fragment.ContextSwitchingComponent.broadcast(ContextSwitchingComponent.java:96)
    at oracle.adf.view.rich.component.fragment.UIXInclude.broadcast(UIXInclude.java:96)
    at javax.faces.component.UIViewRoot.broadcastEvents(UIViewRoot.java:475)
    at javax.faces.component.UIViewRoot.processApplication(UIViewRoot.java:756)
    at oracle.adfinternal.view.faces.lifecycle.LifecycleImpl._invokeApplication(LifecycleImpl.java:889)
    at oracle.adfinternal.view.faces.lifecycle.LifecycleImpl._executePhase(LifecycleImpl.java:379)
    at oracle.adfinternal.view.faces.lifecycle.LifecycleImpl.execute(LifecycleImpl.java:194)
    at javax.faces.webapp.FacesServlet.service(FacesServlet.java:265)
    at weblogic.servlet.internal.StubSecurityHelper$ServletServiceAction.run(StubSecurityHelper.java:227)
    at weblogic.servlet.internal.StubSecurityHelper.invokeServlet(StubSecurityHelper.java:125)
    at weblogic.servlet.internal.ServletStubImpl.execute(ServletStubImpl.java:301)
    at weblogic.servlet.internal.TailFilter.doFilter(TailFilter.java:26)
    at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
    at oracle.adf.model.servlet.ADFBindingFilter.doFilter(ADFBindingFilter.java:205)
    at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
    at oracle.adfinternal.view.faces.webapp.rich.RegistrationFilter.doFilter(RegistrationFilter.java:106)
    at org.apache.myfaces.trinidadinternal.webapp.TrinidadFilterImpl$FilterListChain.doFilter(TrinidadFilterImpl.java:446)
    at oracle.adfinternal.view.faces.activedata.AdsFilter.doFilter(AdsFilter.java:60)
    at org.apache.myfaces.trinidadinternal.webapp.TrinidadFilterImpl$FilterListChain.doFilter(TrinidadFilterImpl.java:446)
    at org.apache.myfaces.trinidadinternal.webapp.TrinidadFilterImpl._doFilterImpl(TrinidadFilterImpl.java:271)
    at org.apache.myfaces.trinidadinternal.webapp.TrinidadFilterImpl.doFilter(TrinidadFilterImpl.java:177)
    at org.apache.myfaces.trinidad.webapp.TrinidadFilter.doFilter(TrinidadFilter.java:92)
    at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
    at oracle.iam.platform.auth.web.OIMAuthContextFilter.doFilter(OIMAuthContextFilter.java:107)
    at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
    at oracle.adf.library.webapp.LibraryFilter.doFilter(LibraryFilter.java:179)
    at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
    at oracle.security.jps.ee.http.JpsAbsFilter$1.run(JpsAbsFilter.java:119)
    at java.security.AccessController.doPrivileged(Native Method)
    at oracle.security.jps.util.JpsSubject.doAsPrivileged(JpsSubject.java:315)
    at oracle.security.jps.ee.util.JpsPlatformUtil.runJaasMode(JpsPlatformUtil.java:442)
    at oracle.security.jps.ee.http.JpsAbsFilter.runJaasMode(JpsAbsFilter.java:103)
    at oracle.security.jps.ee.http.JpsAbsFilter.doFilter(JpsAbsFilter.java:171)
    at oracle.security.jps.ee.http.JpsFilter.doFilter(JpsFilter.java:71)
    at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
    at oracle.dms.servlet.DMSServletFilter.doFilter(DMSServletFilter.java:139)
    at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
    at weblogic.servlet.internal.RequestEventsFilter.doFilter(RequestEventsFilter.java:27)
    at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
    at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.wrapRun(WebAppServletContext.java:3730)
    at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.run(WebAppServletContext.java:3696)
    at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:321)
    at weblogic.security.service.SecurityManager.runAs(SecurityManager.java:120)
    at weblogic.servlet.internal.WebAppServletContext.securedExecute(WebAppServletContext.java:2273)
    at weblogic.servlet.internal.WebAppServletContext.execute(WebAppServletContext.java:2179)
    at weblogic.servlet.internal.ServletRequestImpl.run(ServletRequestImpl.java:1490)
    at weblogic.work.ExecuteThread.execute(ExecuteThread.java:256)
    at weblogic.work.ExecuteThread.run(ExecuteThread.java:221)
    Have anyone faced this issue ?? Any idea how to resolve this ??
    Thanks,
    Hrushi

    920194 wrote:
    Hi Bikash,
    Thank you that helped a bit!! I see the same behaviour i.e., recon events are created when using displayName or givenName attribute and it does not work using "samAccountName". Were you able to find the solution for this ??The solution would have to be provided by Oracle as this looks like a bug, since the connector doc gives example of filter as samAccountName.
    Also, when we reconcile using displayName/givenName attribute, even though the recon event is created, the status if the scheduler is Failed with "oracle.iam.connectors.icfcommon.exceptions.OIMException: Thor.API.Exceptions.tcAPIException: Row index out of bounds" Any idea on this ??Full stacktrace??
    Thanks,
    Hrushi

  • Issue with Active Directory User Target Recon

    Hi ,
    I am facing an issue with Active Directory User Target Recon
    My environment is OIM 11g R2 with BP03 patch applied
    AD Connector is activedirectory-11.1.1.5 with bundle patch 14190610 applied
    In my Target there are around 28000 users out of which 14000 have AD account (includes Provisioned,Revoked,Disabled accounts)
    When i am running Active Directory User Target Recon i am not putting any filter cleared the batch start and batch size parameters and ran the recon job .Job ran successfully but it stopped after processing around 3000 users only.
    Retried the job two three times but every time it is stopping after processing some users but not processing all the users.
    Checked the log file oimdiagnostic logs and Connector server logs cannot see any errors in it.
    Checked the user profile of users processed can see AD account provisioned for users
    My query is why this job is not processing allthe users.Please point if i am missing some thing .
    thanks in advance

    Check the connector server load when you are running the recon. Last time I checked the connector, the way it was written is that it loads all the users from AD into the connector server memory and then sends them to OIM. So if the number was huge, then the connector server errored out and did not send data to OIM. We then did recon based on OUs to load/link all the users into OIM. Check the connector server system logs and check for memory usage etc.
    -Bikash

  • Error while "OID USER TARGET RECON"....

    hi,
    Iam new to OIM and i would really appreciate your help.
    Everytime i run the OID USER TARGET RECON i keep getting this annoying error which actually prints in the log but it doesnt stop the process (i beleive). The updated data in the OID is reflecting the process form but for some reason this error is coming. please help!
    DEBUG QuartzWorkerThread-3 XELLERATE.APIS - Class/Method: tcLookupOperationsBean
    */getLookupValuesFilteredData entered.*
    DEBUG QuartzWorkerThread-3 XELLERATE.APIS - Class/Method: tcLookupOperationsBean
    */getLookupValuesFilteredData left.*
    INFO QuartzWorkerThread-3 XELLERATE.JAVACLIENT - System Event Handler: Validatin
    g the name of the Organization
    ERROR QuartzWorkerThread-3 XELLERATE.DATABASE - Class/Method: tcDataBase/writeSt
    atement encounter some problems: ORA-02291: integrity constraint (OIMUSER.FK_ACT
    _ACT) violated - parent key not found*
    java.sql.SQLIntegrityConstraintViolationException: ORA-02291: integrity constrai
    nt (OIMUSER.FK_ACT_ACT) violated - parent key not found
    at oracle.jdbc.driver.SQLStateMapping.newSQLException(SQLStateMapping.ja
    va:85)
    at oracle.jdbc.driver.DatabaseError.newSQLException(DatabaseError.java:1
    *33)*
    at oracle.jdbc.driver.DatabaseError.throwSqlException(DatabaseError.java
    *:206)*
    at oracle.jdbc.driver.T4CTTIoer.processError(T4CTTIoer.java:455)
    at oracle.jdbc.driver.T4CTTIoer.processError(T4CTTIoer.java:413)
    at oracle.jdbc.driver.T4C8Oall.receive(T4C8Oall.java:1034)
    at oracle.jdbc.driver.T4CPreparedStatement.doOall8(T4CPreparedStatement.
    Thanks,
    Thilak

    hi,
    Thanks for your timely reply,
    The users are created in OIM and it is already provisioned to OID(*User is in both OIM and OID*), but we update the fields in OID through a script and try to bring the updated values to OIM process form by target recon. When i run the recon i get this error in the log but the values are getting updated successfully.
    Thanks
    Thilak

  • AD User Target Recon - added whenCreated attribute but no data saved in OIM

    Hello.
    I added the whenCreated attribute from the AD account to the AD User form (I used Variant = Date and Field Type=DateFieldDlg, patterned after the UD_ADUSER_DATE field that came OOTB). However when I run the recon, the value for whenCreated is not saved in the form. However the Recon Event shows the data being fetched...
    Thoughts anybody?
    I believe whenCreated in AD is a timestamp in the Generalized Time syntax, but accountExpires is not, that may be one problem.

    user8663548 wrote:
    Thx Rajiv. The tool is a little shaking when it comes to saving more than one column at a time...Anyway, I'm getting close to being done with adding new fields for AD User Target Recon. What's the best way to export this new version of the AD User form to another OIM environment, so that I don't have to redo the work of updating: Form, Object Resource, Process Definition, Lookup Definition? Any lessons learned I should know to make that process as painless as possible?When you export the form along with the resource object or even without the resouce object, it always takes the export of the active version (can be latest or not latest) ... the way I follow is to take export of Resource Object and then continue selecting all the dependecies i.e. form, process and adapters etc.
    Edited by: user8663548 on Jan 27, 2012 2:36 PM
    Btw, if I click Save in Form Designer, and I wait until it looks like the tool is done (mouse pointer is no longer a rotating circle), then I click Close form, I get a message stating "Are you sure that you want to close without saving your work?". Has anybody experienced this, and lost work as a result, even after clicking Save a couple more times for good measure? I sure hope the Form Designer is more robust and user-friendly in 11g!Well 11G too has this issue, the message is kind of fake and can be ignored. I just make sure by reopening the object to see if the changes are persisted.
    -Bikash

  • AD User Target Recon

    What exactly does AD User Target Recon do? Since it is not trusted recon, I am sort of expecting changes made to AD to be reverted back to whatever OIM says they should be. So if an admin changes a user's givenName in AD, e.g. Ron to Ron2, then the AD User Target Recon will revert the change back to Ron. Does it make these attributes changes? What else does it do? The documentation is short and doesn't offer a good explanation.
    Thanks

    AD User Target Recon It reconciles the information back to the OIM. i.e When you change the name from RON to RON2 then it will update the OIM and make the name RON2. You need to decised during the implementation itself if you want only provisioning to happen from OIM to AD or you want also Reconcilliation to happen from AD to OIM aswell. To keep the information synchronous when there is updates from both ends then it is recommended to go for both provisioning and reconsiliation process.

  • 11gr2 Active Directory User Target Delete Recon Search Root

    Hi All,
    latest AD conector with the patch.
    Have a situation where I need to change the root or base search for the delete recon. by default it seams to want to search at the domain level but that won't work for us. Checked the doc and can't seem to find anyway to change this for the delete recon.
    Thanx in advance
    Fred

    Hi,
    The issue is still pending. I am specifying the following parameters for the scheduled job :
    Batch Size : 100
    Object Type : User
    Batch Start : 1
    Resource Object Name : AD User
    Filter : startsWith('samAccountName','c')
    Scheduled Task Name : Active Directory User Target Recon
    Incremental Recon Attribute : uSNChanged
    Search Base : <blank>
    IT Resource Name : Active Directory
    Search Scope : subtree
    Latest Token : <blank>
    Sort By : samAccountName
    Number of Batches : All
    Sort Direction : asc
    The job runs successfully but no records are reconciled into UD_ADUSER table and the job reports the following error in the logs :
    [2012-10-25T02:32:04.785-07:00] [oim_server1] [ERROR] [] [org.quartz.impl.jdbcjobstore.JobStoreCMT] [tid: QuartzScheduler_OIMQuartzScheduler-iamoimdev-v1.capgroup.com1351057898397_MisfireHandler] [userId: oiminternal] [ecid: 80eeb34d89d5ed80:-343bffe9:13a9150ba30:-8000-0000000000000005,1:24567] [APP: oim#11.1.2.0.0] MisfireHandler: Error handling misfires: Unexpected runtime exception: null[[
    org.quartz.JobPersistenceException: Unexpected runtime exception: null [See nested exception: java.lang.NullPointerException]
    at org.quartz.impl.jdbcjobstore.JobStoreSupport.doRecoverMisfires(JobStoreSupport.java:3042)
    at org.quartz.impl.jdbcjobstore.JobStoreSupport$MisfireHandler.manage(JobStoreSupport.java:3789)
    at org.quartz.impl.jdbcjobstore.JobStoreSupport$MisfireHandler.run(JobStoreSupport.java:3809)
    Caused by: java.lang.NullPointerException
    at org.quartz.SimpleTrigger.computeNumTimesFiredBetween(SimpleTrigger.java:800)
    at org.quartz.SimpleTrigger.updateAfterMisfire(SimpleTrigger.java:514)
    at org.quartz.impl.jdbcjobstore.JobStoreSupport.doUpdateOfMisfiredTrigger(JobStoreSupport.java:944)
    at org.quartz.impl.jdbcjobstore.JobStoreSupport.recoverMisfiredJobs(JobStoreSupport.java:898)
    at org.quartz.impl.jdbcjobstore.JobStoreSupport.doRecoverMisfires(JobStoreSupport.java:3029)
    Edited by: IDM_newbie on Oct 25, 2012 2:38 AM

  • IPlanet User Trusted Recon

    I've deployed iPlanet connector in OIM 11g.
    Executed scheduler iPlanet User Target Recon. users are reconciled.
    Bt when I try to execute iPlanet User Trusted Recon, no users are getting reconciled and even no events are generated.
    For the scheduler iPlanet User Trusted Recon, the parameter Trusted Resource Object is Xellerate Users.
    So for Xellerate Users RO, do I need to
    add recon fields,
    add recon action rules,
    map recon fields in process def
    and create recon rule
    Is this the way to follow or is there something else I am missing....

    Did you import "iPlanetXLResourceObject.xml" ?
    Check Connector Guide (2.3.1.6 Configuring Trusted Source Reconciliation), it will ask you to perform some more steps for Trusted Recon.

  • "AD USER TARGER RECON" retry is not working

    Hey,
    I have only 2 connector in my env. Both scheduled to run every 5 min. I am creating the new user in portal UI which also creates user's AD account, which means user gets his AD account created before he get created in OIM. My connectors are scheduled as below.
    1) CREATE USER GTC (runs: 05:20, 05:25. 05:30.... so on)
    2) AD USER TARGER RECON. (runs: 05:22, 05:27: 05: 32.... so on)
    My issue is "AD User Targer Recon" is not retry is not working. Means it picks the user first time and trying to link up with OIM. But linking is not happening (NO MATCH FOUND) because user didnt get created in OIM yet. CREATE USER GTC runs and create the user after AD some times. But "AD User Targer Recon" is not trying to link the user when it run next time!!!
    Steps:
    *1) Time 5:20 ==> CREATE USER GTC ran and no new user.*
    *2) Time 5:21 ==>Portal creates new user XXX & user created in AD.*
    *3) Time 5:22 ==>AD USER TARGER RECON ran and picked up user XXX, but NO MATCH FOUND.*
    *4) Time 5:25 ==> CREATE USER GTC ran found new user XXX in potral and reconed in OIM.*
    *5) Time 5:27 ==>AD USER TARGER RECON ran and didnt picked up any one (since it already processed XXX once and not trying any more)*
    How to fix this issue. I would like AD USER TARGER RECON should retry the user if they didnt link with OIM while last ran. I have tried setting retry count in process definition and also in task scheduler, but no luck. Any idea please.
    Thanks
    kln

    Hey Sunny,
    Yes, I did tested both of these ideas already and works.
    1) Modify the user attribute in AD is always works. AD recon used to pick up the modified user and link with OIM (if user dont have AD account linked) .
    2) I clear the ADCS Timestamp in "AD User Target Recon" task scheduler and it picks up all the user and linked with OIM.
    My case, User created in Portal & AD at 9:01 AM, AD picked up the user @ 9:02AM and OIM Crate GTC recon @ 9:03AM. So I need the same user should picked up by AD while it's next run which is @ 9:07AM. Since the taskes are already scheduled, I cant clear the timestamp or the update the field every minute.
    As you said I may need another schedule task which should push back the ADCS Timestamp 5 min every time. Any idea how to do that? Is there any easy way to push back the ADCS Timestamp? Or any other setting in AD which allows to pick all the users who got created/updated in given intervel of time.
    Thanks
    kln

  • OIM 11g DBAT connector - user update not working after target recon

    Hi,
    I have configured a resource (XSVR3) with the DBAT 9.1.0.5.0 connector to do provisioning and target recon to and from the same custom database table, following the example found on the connector guide. Now what happens is the following:
    - if I first provision the resource to the user everything works fine
    - if a resource is first assigned to a user as a result of a target recon, the connector then fails at propagating to the table any changes I make in the process form, returning the following error:
    <8-gen-2013 16.44.16 CET> <Error> <OIMCP.DATC> <BEA-000000> <Class/Method: DBFacade/updateParentRecord encounter some problems: Empty parent row cannot be updated. Please ensure to run reconciliation task to bring the systems in sync.>
    <8-gen-2013 16.44.16 CET> <Error> <OIMCP.DATC> <BEA-000000> <Class/Method: DBProvisioningTransportProvider/sendData encounter some problems: DB_UPDATE_EMPTY_RECORD_ERROR
    com.thortech.xl.gc.exception.DBException: DB_UPDATE_EMPTY_RECORD_ERROR
    at com.thortech.xl.gc.impl.common.DBFacade.updateParentRecord(Unknown Source)
    at com.thortech.xl.gc.impl.prov.DBProvisioningTransportProvider.sendData(Unknown Source)
    It looks like the connector is unable to find the record that needs to be updated. I've looked into the process form table of the resource on the DB (called UD_XSVR3), and I noticed that records resulting from target reconciliation have a null in the UD_XSVR3_ID column, while records resulting from a direct provisioning have the username in the same column. Updating manually the column in the first kind of records fixes the issue, but I need to know if/what have I missed in the connector configuration.
    thanks in advance
    Alex
    Edited by: Prorad on Jan 9, 2013 3:02 AM

    Hi, Prorad,
    We are having same issue. What's the resolution for the issue? Any hints will be great.
    Thanks,
    Vincent

  • 11g R2 Update user after Target Recon

    All,
    I am doing a initial target recon for users that already exist in the target. The recon was successful and I see the resource instance in the Accounts tab of the user.
    However, when I update any attribute, I see a change task for that field int he resource history but the task is getting rejected.
    Is there anything else I need to do or I am missing.
    Thanks,
    M

    The SJSDS_9.0.4.15.0.zip???
    SUN DSEE LDAP connector does not handle Change tasks properly...
    Normally for any proper handling:-
    "Change Last Name" (i.e. on User Profile) ---> This task simply transfers this value to --> "Last Name" (on process form) --> triggers --> Last Name Updated ---> Target System specific APIs --> Target System last name
    The AD User connector follows above principle..
    However, this SJSDS_9.0.4.15.0 connector violates that principle.... "Change Last Name" (i.e. on User Profile) directly tries to Target System specific APIs --> Target System last name..
    So, Process Data is NOT Updated... This answers your question that It is not updating the OIM process form.
    This leads to a very critical bug of unnecessary reconciliation event...
    (i.e. Last Name --> From John to John1 --> Target System also Changed to John1... But Process Form still has John... So, next time again when recon is run, unnecessarily recon event is raised... This time finally Process Form is updated to John1...
    This means the issue is somewhere in the recon process... See the recon mappings.. Like IT Resource etc... All field mappings...
    Anyway Retry the "Change Last Name" task.. And hopefully you have configured logs.. See those logs... In 1 minute you will be able to figure out the error... Probably IT Resource value is not being populated in the process form...
    Share the log..
    Hope it is helpful...

  • OIM 10g: Best practice for updating OIM user status from target recon?

    We have a requirement, where we need to trigger one or more updates to the OIM user record (including status) based on values pulled in from a target resource recon from an LDAP. For example, if an LDAP attribute "disable-flag=123456" then we want to disable the OIM user. Other LDAP attributes may trigger other OIM user attribute changes.
    I think I need to write a custom adapter to handle "recon insert received" and "recon update received" events from the target recon, but wanted to check with the community to see if this was the right approach. Would post-insert/post-update event handlers be a better choice?

    Thanks Nishith. That's along the lines of what I was thinking. The only issue in my case is that I might need to update additional custom attributes on the OIM User in addition to enable/disable. Because of that requirement, my thought was to call the API directly from my task adapter to do the attribute updates in addition to the enable/disable. Does this seem like a sound approach?

  • AD target Recon-Change User Id event is not generating

    Hi All,
    I have configured my OIM 9.1 with AD for target recon. I am using MSFT AD 9.1.0.0 connector pack. I wanted to check if user id field is modified in AD directly, does it reflected in OIM on next recon. For that i have modified the user's user id in AD and then run the target recon (tried with full and increamental both), but it was not generating the event (under recon manager) for that user. In jboss logs it was showing "process user change: test390's data is not modified". I tried by changing container, last name and other attrs for particular attrs but OIM showed the same message every time. As i modified the user id to previous one in AD and then run the reconciliation, event getting generated and linked and all other changes reflected (ou, last name....) in OIM process form.
    Am i missing something? Any help would really be appreciated.

    I am expecting process match here...as per my understanding process match will utilize the key fields (which is obGuid in my case) not matching rule. My matching rule is " user login equals userid".

  • Help needed in OIM 11g with respect to Target Recon

    Hi Experts,
    I have OIM 11.1.1.5.0 installed with AD Connector configured. We have 3 AD instances, so we have cloned the full AD Connector to "A_AD_RO User", "B_AD_RO User" and "C_AD_RO User" resourced with separate-separate Process defn, scheduled task, lookups and IT resource
    When I am doing target recon based on "emailID" as key from respective ID, the reconciliation events gets generated and I can see the event in Recon Manager with "No Match Found", even though the user with valid email id is present in the OIM.
    Once I do re-evaluate of reconciled user, the user target gets linked with the correct user.
    Problem: Everytime, I need to go to Recon Manager, and manually click on "Reevaluate Event", then only the target AD is getting linked to user.
    How to set it automatically?
    Has anyone faced this kind of issue?
    Any suggestion which I can apply to skip "Reevaluate Event" manually to link user with target.
    Regards,
    J
    Edited by: J_IDM on Mar 19, 2012 6:35 AM

    A few things to check.
    On the resource object, reconciliation tab. Check the recon action rules. The Entity Match is the one that matches a user to the target data if the user does not have an instance on their profile.
    Check your reconciliation rules. Make sure that you have a rule for each resource, and that it is in an active state. Also make sure the rule is a valid matching rule.
    For each resource workflow, there are configuration lookups. You must be VERY careful when cloning a resource to go through every lookup that is duplicated and make sure the values are all for the new resources.
    It sounds like you used the same adapters for every instance. This will cause a problem because there are hard coded form values in the adapter, so you will need to change those to have an input so you can specify the value for each instance. Otherwise, every provisioning task will look for the objectguid from the original workflow.
    There are lots of updates you must perform to make sure they work correctly during a clone.
    Once you have done all these, try and run your recons again, and make sure you wait till the recon completes so it processes the events in the correct bulk amounts.
    -Kevin

  • IPlanet Target Recon issue in OIM 11g

    Hi,
    I have a user in OIM and iPlanet. Normally we used to link the user from iPlanet to OIM while running iPlanet Target Recon scheduler. It was working before, suddenly we are getting the below error.
    <Info> <oracle.iam.reconciliation.impl.config> <IAM-5010000> <Generic Information: EnterpriseDirectory from cache>
    <Info> <oracle.iam.reconciliation.impl.config> <IAM-5012124> <Failed to load profile from MDS /db/EnterpriseDirectory. Error is oracle.mds.core.MetadataNotFoundException: MDS-00013: no metadata found for metadata object "/db/EnterpriseDirectory".>
    <Info> <oracle.iam.reconciliation.impl.config> <IAM-5012124> <*Failed to load profile from MDS /db/EnterpriseDirectory_backup. Error is oracle.mds.core.MetadataNotFoundException: MDS-00013: no metadata found for metadata object* "/db/EnterpriseDirectory_backup".>
    <Info> <oracle.iam.reconciliation.impl.config> <IAM-5012122> <Reading configurations from the database for object name EnterpriseDirectory>
    <Info> <oracle.iam.reconciliation.impl.config> <IAM-5010000> <Generic Information: tos not null>
    <Error> <oracle.iam.reconciliation.impl> <IAM-5010000> <Generic Information: {0}
    oracle.iam.reconciliation.exception.ConfigException: java.lang.NullPointerException
    at oracle.iam.reconciliation.impl.config.ProfileManager.lookupProfile(ProfileManager.java:174)
    at oracle.iam.reconciliation.impl.ReconOperationsServiceImpl.getProfile(ReconOperationsServiceImpl.java:2013)
    at oracle.iam.reconciliation.impl.ReconOperationsServiceImpl.ignoreEvent(ReconOperationsServiceImpl.java:367)
    at oracle.iam.reconciliation.impl.ReconOperationsServiceImpl.ignoreEvent(ReconOperationsServiceImpl.java:355)
    at Thor.API.Operations.tcReconciliationOperationsIntfEJB.ignoreEventx(Unknown Source)
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
    at java.lang.reflect.Method.invoke(Method.java:597)
    at com.bea.core.repackaged.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:310)
    at com.bea.core.repackaged.springframework.aop.framework.ReflectiveMethodInvocation.invokeJoinpoint(ReflectiveMethodInvocation.java:182)
    at com.bea.core.repackaged.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:149)
    at com.bea.core.repackaged.springframework.aop.support.DelegatingIntroductionInterceptor.doProceed(DelegatingIntroductionInterceptor.java:131)
    at com.bea.core.repackaged.springframework.aop.support.DelegatingIntroductionInterceptor.invoke(DelegatingIntroductionInterceptor.java:119)
    at com.bea.core.repackaged.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:171)
    at com.bea.core.repackaged.springframework.jee.spi.MethodInvocationVisitorImpl.visit(MethodInvocationVisitorImpl.java:37)
    at weblogic.ejb.container.injection.EnvironmentInterceptorCallbackImpl.callback(EnvironmentInterceptorCallbackImpl.java:54)
    at com.bea.core.repackaged.springframework.jee.spi.EnvironmentInterceptor.invoke(EnvironmentInterceptor.java:50)
    at com.bea.core.repackaged.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:171)
    at com.bea.core.repackaged.springframework.aop.interceptor.ExposeInvocationInterceptor.invoke(ExposeInvocationInterceptor.java:89)
    at com.bea.core.repackaged.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:171)
    at com.bea.core.repackaged.springframework.aop.support.DelegatingIntroductionInterceptor.doProceed(DelegatingIntroductionInterceptor.java:131)
    at com.bea.core.repackaged.springframework.aop.support.DelegatingIntroductionInterceptor.invoke(DelegatingIntroductionInterceptor.java:119)
    at com.bea.core.repackaged.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:171)
    at com.bea.core.repackaged.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:204)
    at $Proxy572.ignoreEventx(Unknown Source)
    at Thor.API.Operations.tcReconciliationOperationsIntfEJB_troehf_tcReconciliationOperationsIntfRemoteImpl.__WL_invoke(Unknown Source)
    at weblogic.ejb.container.internal.SessionRemoteMethodInvoker.invoke(SessionRemoteMethodInvoker.java:40)
    We haven't deploy any patches recently and no major changes in that environment.
    Please help me to fix this issue.

    Kevin,
    I have deleted those three files from MDS and tried to recreate reconciliation profile. It throws below same error
    <Info> <oracle.iam.reconciliation.impl.config> <IAM-5010000> <Generic Information: Unable to delete backup profile : /db/EnterpriseDirectory_backup, moving forward ...>
    <Info> <oracle.iam.reconciliation.impl.config> <IAM-5010000> <Generic Information: Unable to delete, as profile does not exist : /db/EnterpriseDirectory moving forward ...>
    <Info> <oracle.iam.reconciliation.impl.config> <IAM-5012124> <Failed to load profile from MDS /db/EnterpriseDirectory. Error is oracle.mds.core.MetadataNotFoundException: MDS-00013: no metadata found for metadata object "/db/EnterpriseDirectory".>
    <Info> <oracle.iam.reconciliation.impl.config> <IAM-5012124> <Failed to load profile from MDS /db/EnterpriseDirectory_backup. Error is oracle.mds.core.MetadataNotFoundException: MDS-00013: no metadata found for metadata object "/db/EnterpriseDirectory_backup".>
    <Info> <oracle.iam.reconciliation.impl.config> <IAM-5012122> <Reading configurations from the database for object name EnterpriseDirectory>
    <Info> <oracle.iam.reconciliation.impl.config> <IAM-5010000> <Generic Information: tos not null>
    <Error> <XELLERATE.SERVER> <BEA-000000> <Error encountered during recon profile creation
    oracle.iam.reconciliation.exception.ConfigException: java.lang.NullPointerException
    at oracle.iam.reconciliation.impl.config.ReconPostImportConfigHandler.reconUpdate(ReconPostImportConfigHandler.java:153)
    at oracle.iam.reconciliation.impl.config.ReconPostImportConfigHandler.configure(ReconPostImportConfigHandler.java:110)
    at com.thortech.xl.dataobj.tcOBJ.configureReconProfile(tcOBJ.java:115)
    at com.thortech.xl.ejb.databeansimpl.tcOBJBean.configureReconProfile(tcOBJBean.java:80)
    It is trying to delete those files from MDS first before start creating new one. though it was not there it throws those exceptions. This is what I'm guessing.
    I have added filename like EnterpriseDirectory and EnterpriseDirectory_backup under /db/..... location and tried to recreate recon profile. I got the following information in logs
    <Info> <oracle.iam.reconciliation.impl.config> <IAM-5010000> <Generic Information: Operation DELETE on MetadataObject /db/EnterpriseDirectory_backup>
    <Info> <oracle.iam.reconciliation.impl.config> <IAM-5010000> <Generic Information: Operation DELETE on MetadataObject /db/EnterpriseDirectory>
    <Info> <oracle.iam.reconciliation.impl.config> <IAM-5010000> <Generic Information: Operation CREATE on MetadataObject /db/EnterpriseDirectory_backup>
    <Info> <oracle.iam.reconciliation.impl.config> <IAM-5012124> <*Failed to load profile from MDS /db/EnterpriseDirectory*. Error is oracle.mds.core.MetadataNotFoundException: MDS-00013: no metadata found for metadata object "/db/EnterpriseDirectory".>
    <Info> <oracle.iam.reconciliation.impl.config> <IAM-5012131> <Performing XML schema validation on EnterpriseDirectory>
    <Info> <oracle.iam.reconciliation.impl.config> <IAM-5012122> <Reading configurations from the database for object name EnterpriseDirectory>
    <Info> <oracle.iam.reconciliation.impl.config> <IAM-5010000> <Generic Information: tos not null>
    <Error> <XELLERATE.SERVER> <BEA-000000> <Error encountered during recon profile creation
    oracle.iam.reconciliation.exception.ConfigException: java.lang.NullPointerException
    It is deleting the existing file and creating EnterpriseDirectory_backup file only and tried to load EnterpriseDirectory file inside /db/ location before creating the file.
    Correct me if I'm wrong.
    MDS repository holds the path of file name and where it needs to store but in backend in which format it is storing all xml files, any idea?
    Edited by: S.K.N on Jun 4, 2012 7:02 PM

Maybe you are looking for

  • Repair disk permissions fail

    Hi, I repaired my disk premmisons on my mac, but in the history it says, Warning:Suid File "System/Library/core....as been modified and will not be repaired, can you tell me how to fix this, thanks.

  • Opening .pdf files in Firefox 3.6.13 spawns "infinite" tabs -- amazing!

    If I click a link to a .pdf file, Firefox will open up tab after tab after tab -- they go shooting across the top of the tab bar (it's incredible). I can use Task Manager to force FF to quit (and then manually end the Firefox.exe process since it doe

  • SPARC box

    Hi, I have a Sun V240 box with 2x1.5 Ghz , and 4x73 GB hard drives. I am going to run there Oracle 9i Database Server Entreprise Edition and BEA WebLogic Server. I need some advise about different issues before proceding with the installation of Sola

  • Can sort by date, name, etc. after 10.8.3

    In open and save dialog boxes I am unable to sort the files by any perameters. You know, select the column heading and see by file name? Pretty important, so I can see files that I created today, whatever. Anyone else have this problem? In the screen

  • Some advice please, BlazeDS and some ideas

    HEllo all, I am planning on building an app out, that has two versions,  viewer and admin.  The admin will be allowed to upload images, and then display an image of choice on the viewers page,  and be able to change these images at will, with the vie