OIM 11gR2 and AD Connector 11.1.1 Lookup Recon Tasks

Hi All,
I wonder how can I limit groups during Group and OU Lookup Recon tasks based on their distinguishedName? I tried to put a string "contains('distinguishedName','OU=xxxx')" in filter parameter for GroupLookupReconTask but it filtered everything out
We have all of our groups in a separate OU so a better solution would be to set a base dn to go and look for groups but I can't do it in LookupReconTasks as there is no such a field during lookup recon tasks.
I would appreciate any ideas how to achieve my goal.
Thank you!

Yes, I have tried that but that didn't work as in AD you just have a name of an element in CN. Beside that OU doesn't have a CN.

Similar Messages

  • OIM11gR2 - iPlanet Connector - iPlanet Trusted Delete User Recon Task

    Hello All,
    What is the standard OOTB action performed on OIM User when I run the iPlanet Trusted Delete User Recon Task?
    I couldn't tell from the connector documentation below:
    http://docs.oracle.com/cd/E11223_01/doc.904/e10446/using.htm#BABIJCFF
    Does it disable the OIM user?
    Does it delete the OIM user? (soft delete? hard delete?)
    I'm interested in soft delete.
    Thanks
    Adr

    Apologies, My previous post was intended for end date reaching.
    It just deletes the user from OIM. It does not care about end date or disable schedule jobs.
    However, the user status will be set as "deleted".
    http://docs.oracle.com/cd/E11223_01/doc.910/e11197/using_conn.htm#CACGJGGA
    P.S I gave this document for AD (However, it applies to any connector document as it is basic definition of trusted source).
    The basic behaviour and definition of trusted reconciliation is to delete the user identity in OIM if itis deleted in the source system.
    Cheers,
    Tejo.

  • Error in Ldap sync with OIM 11gr2 and OID

    Hi,
    I am trying to sync OIM 11g r2 with OID using Ldap sync option. While creating a user or role I am facing this error
    IAM-2050243 : Orchestration process with id 930, failed with error message IAM-3010201 : LDAP create event failed : Error: NO_SUCH_OBJECT null.
    Help required,
    Thanks

    Any suggestions...

  • OIM 11gR2 Request Validator Plugin and Axis based Web Service Client

    Hi,
    I am trying call a web service client generated using axis2 from a request validator plugin in OIM 11gR2 and I have all the axis related jar files under the plugin lib folder but it fails due to the axis reference issues.
    I tried putting the jar files under different locations like thirdparty folder, server lib etc. But it is giving issues every where. Please let me know if you have some solution.
    Thanks in advance,

    Haven't worked on this, but have you tried by putting the axis libraries inside the plugin lib folder when you are building up the plugin? Also you need to check asix2 compatibility with weblogic version with R2.
    -Bikash

  • OIM 11gR2 Active Directory integration issue

    Hi,
    I am trying to install AD connector on OIM 11gR2 and have successfully performed all the necessary and relevant steps according to the deployment guide.
    When i am trying to test the connector though, by running the "Active Directory Organization Lookup Recon" scheduled job i am getting the following error:
    Exception Message oracle.iam.connectors.icfcommon.exceptions.Integration
    Exception: The value for a key [Host] is not defined in the provided map.
    Kindly help me out with this
    Best Regards,
    Varun

    Hi,
    i hope you are using the AD New connector(i.e. ICF based ) and your connector server key is not set properly. Most of the cases this is arises because of connector parameters. So verify the connector parameters and also have you put the AD connector jars on connector server side.
    _Saurabh                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                           

  • OIM 11gR2- Approved Requests remain in Operation Initiated Status

    Hi,
    We are using OIM 11gR2 and we are seeing the following behaviour whenver we request for Application Instance
    1) End User logs in and requests for Application Instance.
    2) The request is created and assigned to the manager for approval.
    3) Manager logs in and approves the request.
    4) The Requested resource is assigned to the user and the status of the resource is Provisioned. All the tasks in the Resource History are in Completed status.
    5) If we see the status of the request, it remains in Operation Initiated status.
    We expect the status of the Request to be Request Completed and not remain in Operation Initiated. We are sending a mail notification to the manager once resource is provisioned.
    If we remove the notification part, the status of the Request is coming as Request Completed as expected. However with notification getting triggered we are getting problem.
    Please suggest a solution.
    Thanks and Regards,
    Mayuri
    Edited by: 943112 on Mar 11, 2013 7:09 AM

    Usually after the request is approved and if there is any pending task in provisioning it goes to 'Post Operation Processing Initiated' status. If 'Task to Object Status' mapping is not done properly the request stays in the same status even though all the tasks are completed.
    check this link for various request status
    http://docs.oracle.com/cd/E27559_01/user.1112/e27151/req_mangmnt_user.htm#BGBGIIDH
    In your case it is going to 'Operation Initiated' status when notification is attached. Can you tell where have you triggered notification? In SOA approval task or in Provisioning process? If it is in SOA check whether proper status is returned to the callback webservice after that. Else if it is in provisioning check for task object status mapping.

  • OIM 11gR2 Architecture question

    Hello,
    We're setting up our development environment for OIM 11gR2 and wanted to confirm the concept of configuring a virtual IP for two application servers (each app server containing SOA and OIM).  This virtual IP would be setup on a hardware load balancer and referenced by two webtier servers in a DMZ like network.  The load balancer would straddle the DMZ and the more protected network with the two app servers.  The VIP would be referenced in moduleconf files on the Webtier servers.
    Is this supported?  Have others done something like this?
    Thanks for any input.
    Ariel

    Ariel,
       As I understood your concern is not only , if it works or not, so trying to help you: To answer your 'supported' question, please raise a SR into metalink with your CSI # . This will allow you to have a very good and direct answer on your doubt.
    I hope this helps,
    Thiago Leoncio.

  • OIM 11gR2 user not provisioning to Active Directory (11.1.1.5 connector)

    Hello all,
    I'm trying to set up an OIM 11gR2 instance to work with Active Directory with the Active Directory 11.1.1.5.0 connector. I've full installed both OIM and AD on separate servers, and I've installed the AD 11.1.1.5 connector on OIM. I have configured Active Directory properly (connector on OIM and the connector server on the AD server-side), and have set up the two IT Resources on OIM. I can run, for example, the Active Directory Organization Lookup Recon job and have it return results in the Lookup window.
    My problem is that I cannot get it to provision to a user. I've created an Application Instance and Form for Active Directory, attached the Form, associated them with the appropriate resources (AD User), and added them to the Catalog, and then gone through the process of adding an account to the user, selecting the Application Instance, adding it to the cart, checking out, filling out the fields (Password, User ID, UPN, First Name, Last Name, Common Name, and Organization Name), and then submitting the request. This is all done as the xelsysadm admin user, but it still results with the account stuck on "Provisioning" because the "Create User" task failed due to a Connector Error (the reason stated is just a repeat of "Create Object" failed).
    Anyone know what I'm missing here?
    Thank you!
    Edited by: 939908 on Nov 12, 2012 6:36 AM

    Hey 833249, thanks for your reply
    The organization field attribute is filled in correctly, in that the OU I selected exists in AD.
    These are the errors listed in the connector server log:
    +11/9/2012 9:07:07 PM <ERROR>: Class-> ActiveDirectoryUtils Method -> GetDirectoryEntry, Message -> Exception occured during the creation of directory entry.+
    +11/9/2012 9:07:07 PM <ERROR>: Class-> ActiveDirectoryUtils Method -> GetDirectoryEntry, Message -> Exception Message : Logon failure: unknown user name or bad password.+
    +11/9/2012 9:07:08 PM <ERROR>: Class-> ActiveDirectoryUtils Method -> GetDirectoryEntry, Message -> Exception Stack Trace : at System.DirectoryServices.DirectoryEntry.Bind(Boolean throwIfFail)+
    at System.DirectoryServices.DirectoryEntry.Bind()
    at System.DirectoryServices.DirectoryEntry.get_NativeObject()
    at Org.IdentityConnectors.ActiveDirectory.ActiveDirectoryUtils.GetDirectoryEntry(String path, ActiveDirectoryConfiguration configuration) in c:\ADE\aime_oimcp\idc\bundles\dotnet\ActiveDirectory\ActiveDirectoryConnector\ActiveDirectoryUtils.cs:line 1423
    +11/9/2012 9:07:08 PM <ERROR>: Class-> ActiveDirectoryConnector Method -> Create, Message -> Encountered Excetion: Unable to get the Directory Entry+
    +11/9/2012 9:07:08 PM <ERROR>: Class-> ActiveDirectoryConnector Method -> Create, Message -> Stack Trace: at Org.IdentityConnectors.ActiveDirectory.ActiveDirectoryUtils.GetDirectoryEntry(String path, ActiveDirectoryConfiguration configuration) in c:\ADE\aime_oimcp\idc\bundles\dotnet\ActiveDirectory\ActiveDirectoryConnector\ActiveDirectoryUtils.cs:line 1456+
    at Org.IdentityConnectors.ActiveDirectory.ActiveDirectoryUtils.DirectoryEntryExists(String path) in c:\ADE\aime_oimcp\idc\bundles\dotnet\ActiveDirectory\ActiveDirectoryConnector\ActiveDirectoryUtils.cs:line 1512
    at Org.IdentityConnectors.ActiveDirectory.ActiveDirectoryConnector.Create(ObjectClass oclass, ICollection`1 attributes, OperationOptions options) in c:\ADE\aime_oimcp\idc\bundles\dotnet\ActiveDirectory\ActiveDirectoryConnector\ActiveDirectoryConnector.cs:line 219
    ConnectorServer.exe Error: 0 : Org.IdentityConnectors.Framework.Common.Exceptions.ConnectorException: Unable to get the Directory Entry
    at Org.IdentityConnectors.ActiveDirectory.ActiveDirectoryConnector.Create(ObjectClass oclass, ICollection`1 attributes, OperationOptions options) in c:\ADE\aime_oimcp\idc\bundles\dotnet\ActiveDirectory\ActiveDirectoryConnector\ActiveDirectoryConnector.cs:line 368
    at Org.IdentityConnectors.Framework.Impl.Api.Local.Operations.CreateImpl.Create(ObjectClass oclass, ICollection`1 attributes, OperationOptions options) in c:\ADE\aime_icf\icf\framework\dotnet\FrameworkInternal\ApiLocalOperations.cs:line 388
    at Org.IdentityConnectors.Framework.Impl.Api.Local.Operations.ConnectorAPIOperationRunnerProxy.Invoke(Object proxy, MethodInfo method, Object[] args) in c:\ADE\aime_icf\icf\framework\dotnet\FrameworkInternal\ApiLocalOperations.cs:line 244
    at ___proxy1.Create(ObjectClass , ICollection`1 , OperationOptions )
    at Org.IdentityConnectors.Framework.Impl.Server.ConnectionProcessor.ProcessOperationRequest(OperationRequest request) in c:\ADE\aime_icf\icf\framework\dotnet\FrameworkInternal\Server.cs:line 609
    I'm not sure why the username/password error could be occurring, as those fields in the AD IT Resource are correct (I've run AD recon jobs that have connected properly). Is there something I'm missing?

  • Problem handling SMTP address with OIM 11gR2 Exchange connector

    Hello,
    I have a problem in regarding the primary SMTP address with the Exchange connector. The connector doesn't seem to be able to update it. Changing a user's primary SMTP address from its account details in OIM creates a new secondary address in Exchange. It does not change the current primary SMTP address. This does not look like a normal behavior... Any ideas on how to fix this?
    I'm using OIM 11gR2 with BP10 with AD 11.1.1.5.0A and Exchange 11.1.1.5.0.
    Thanks,
    --jtellier

    Yes, you can try out few things suggested in below thread
    Re: Exchange Provisioning
    The error looks like form exchange server side but still not sure about it.
    Meantime open Service Request with oracle about the same as I can see other developers are also facing same issue.

  • OIM 11GR2 UNIX Connector Reconcile users from UNIX inquiry

    Good Day!
    I would like to ask whether there is a way in OIM that when I reconcile all new users from my UNIX server, OIM will also create the resource which this user is provisioned upon?
    Here is my scenario:
    1.) Freshly installed OIM 11GR2.
    2.) Installed UNIX connector on OIM 11GR2.
    3.) Configured UNIX TRUSTED Resource
    4.) Reconciled all the UNIX users into OIM. (New users are created since my OIM doesn't have any user)
    5.) The problem is when the new users are now created in OIM, they don't have entitlements or accounts linked to the UNIX server which they have been pulled upon.
    I would like to ask whether I need to configure something to have the entitlements/accounts linking possible?
    If not, what are the ways I can achieve this?
    The only way I can think of is have the UNIX users be created in a flat file first then load via GTC then have reconciliation to have OIM to link these users to UNIX which I believe should be able to do the scenario I am asking upon.
    Thanks in advance!
    Regards,
    Jeff

    By the way, checking target resource recon by default will not create new users when OIM is not able to establish a link.
    In my case, OIM doesn't have any users since this is a fresh install hence even running target resource at start will won't create the new users in OIM right?
    based from this:
    "You configure application (AD, OID, OVD, HR) etc in Target Resource Mode if that OIM is source of truth for user provisioning (All users are created in OIM and OIM then provision accounts in Application. Any changes in Application are reconciled back to OIM)."

  • Uninstall AD Connector in oim 11gR2

    Hi,
    I want to uninstall AD connector (.NET version 11.1.1.5.0) from oim 11gR2. For this, i run uninstallConnector.sh but i got this error . Do you have any idea ?
    Thanks.
    DEBUG,27 Nov 2012 11:32:07,475,[ConnectorUninstall.log],Executing the Prepared Statement for the ResourceObject: AD Group
    DEBUG,27 Nov 2012 11:32:07,476,[ConnectorUninstall.log],Successfully executed the Prepared Statement for the ResourceObject: AD Group
    DEBUG,27 Nov 2012 11:32:07,476,[ConnectorUninstall.log],Executing the Prepared Statement for the ResourceObject: AD Organizational Unit
    DEBUG,27 Nov 2012 11:32:07,477,[ConnectorUninstall.log],Successfully executed the Prepared Statement for the ResourceObject: AD Organizational Unit
    DEBUG,27 Nov 2012 11:32:07,477,[ConnectorUninstall.log],Executing the Prepared Statement for the ResourceObject: AD User
    DEBUG,27 Nov 2012 11:32:07,478,[ConnectorUninstall.log],Successfully executed the Prepared Statement for the ResourceObject: AD User
    DEBUG,27 Nov 2012 11:32:07,478,[ConnectorUninstall.log],Executing the Prepared Statement for the ResourceObject: AD User Trusted
    DEBUG,27 Nov 2012 11:32:07,478,[ConnectorUninstall.log],Successfully executed the Prepared Statement for the ResourceObject: AD User Trusted
    DEBUG,27 Nov 2012 11:32:07,479,[ConnectorUninstall.log],Exiting Method: checkAndPrintAttestationTask of Class: UninstallUtility
    DEBUG,27 Nov 2012 11:32:07,479,[ConnectorUninstall.log],Entering Method: deleteReconciliationData of Class: UninstallUtility
    DEBUG,27 Nov 2012 11:32:07,479,[ConnectorUninstall.log],Getting ReconConfigService instance.
    DEBUG,27 Nov 2012 11:32:07,500,[ConnectorUninstall.log],Successful in getting ReconConfigService instance.
    *DEBUG,27 Nov 2012 11:32:07,501,[ConnectorUninstall.log],Deleting the reconciliation profile for the resource object: AD Group*
    Exception in thread "main" oracle.iam.reconciliation.exception.ConfigException: oracle.mds.core.MetadataNotFoundException: MDS-00013: no metadata found for metadata object "/db/AD Group"
    at oracle.iam.reconciliation.impl.config.CoreProfileManagerImpl.getProfileFromMDS(CoreProfileManagerImpl.java:395)
    at oracle.iam.reconciliation.impl.config.CoreProfileManagerImpl.getProfile(CoreProfileManagerImpl.java:381)
    at oracle.iam.reconciliation.impl.config.ProfileManagerImpl.getProfile(ProfileManagerImpl.java:163)
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
    at java.lang.reflect.Method.invoke(Method.java:597)
    at org.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:307)
    at org.springframework.aop.framework.ReflectiveMethodInvocation.invokeJoinpoint(ReflectiveMethodInvocation.java:182)
    at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:149)
    at oracle.iam.platform.utils.DMSMethodInterceptor.invoke(DMSMethodInterceptor.java:25)
    at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:171)
    at org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:204)
    at $Proxy439.getProfile(Unknown Source)
    at oracle.iam.reconciliation.impl.ReconConfigServiceImpl.deleteProfile(ReconConfigServiceImpl.java:54)
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
    at java.lang.reflect.Method.invoke(Method.java:597)
    at org.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:307)
    at org.springframework.aop.framework.ReflectiveMethodInvocation.invokeJoinpoint(ReflectiveMethodInvocation.java:182)
    at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:149)
    at oracle.iam.platform.utils.DMSMethodInterceptor.invoke(DMSMethodInterceptor.java:25)
    at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:171)
    at org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:204)
    at $Proxy438.deleteProfile(Unknown Source)
    at oracle.iam.reconciliation.api.ReconConfigServiceEJB.deleteProfilex(Unknown Source)
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
    at java.lang.reflect.Method.invoke(Method.java:597)
    at com.bea.core.repackaged.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:310)
    at com.bea.core.repackaged.springframework.aop.framework.ReflectiveMethodInvocation.invokeJoinpoint(ReflectiveMethodInvocation.java:182)
    at com.bea.core.repackaged.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:149)
    at com.bea.core.repackaged.springframework.aop.support.DelegatingIntroductionInterceptor.doProceed(DelegatingIntroductionInterceptor.java:131)
    at com.bea.core.repackaged.springframework.aop.support.DelegatingIntroductionInterceptor.invoke(DelegatingIntroductionInterceptor.java:119)
    at com.bea.core.repackaged.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:171)
    at com.oracle.pitchfork.spi.MethodInvocationVisitorImpl.visit(MethodInvocationVisitorImpl.java:34)
    at weblogic.ejb.container.injection.EnvironmentInterceptorCallbackImpl.callback(EnvironmentInterceptorCallbackImpl.java:54)
    at com.oracle.pitchfork.spi.EnvironmentInterceptor.invoke(EnvironmentInterceptor.java:42)
    at com.bea.core.repackaged.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:171)
    at com.bea.core.repackaged.springframework.aop.interceptor.ExposeInvocationInterceptor.invoke(ExposeInvocationInterceptor.java:89)
    at com.bea.core.repackaged.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:171)
    at com.bea.core.repackaged.springframework.aop.support.DelegatingIntroductionInterceptor.doProceed(DelegatingIntroductionInterceptor.java:131)
    at com.bea.core.repackaged.springframework.aop.support.DelegatingIntroductionInterceptor.invoke(DelegatingIntroductionInterceptor.java:119)
    at com.bea.core.repackaged.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:171)
    at com.bea.core.repackaged.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:204)
    at $Proxy437.deleteProfilex(Unknown Source)
    at oracle.iam.reconciliation.api.ReconConfigService_66l8sr_ReconConfigServiceRemoteImpl.__WL_invoke(Unknown Source)
    at weblogic.ejb.container.internal.SessionRemoteMethodInvoker.invoke(SessionRemoteMethodInvoker.java:40)
    at oracle.iam.reconciliation.api.ReconConfigService_66l8sr_ReconConfigServiceRemoteImpl.deleteProfilex(Unknown Source)
    at oracle.iam.reconciliation.api.ReconConfigService_66l8sr_ReconConfigServiceRemoteImpl_WLSkel.invoke(Unknown Source)
    at weblogic.rmi.internal.BasicServerRef.invoke(BasicServerRef.java:667)
    at weblogic.rmi.cluster.ClusterableServerRef.invoke(ClusterableServerRef.java:230)
    at weblogic.rmi.internal.BasicServerRef$1.run(BasicServerRef.java:522)
    at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:363)
    at weblogic.security.service.SecurityManager.runAs(SecurityManager.java:146)
    at weblogic.rmi.internal.BasicServerRef.handleRequest(BasicServerRef.java:518)
    at weblogic.rmi.internal.wls.WLSExecuteRequest.run(WLSExecuteRequest.java:118)
    at weblogic.work.ExecuteThread.execute(ExecuteThread.java:256)
    at weblogic.work.ExecuteThread.run(ExecuteThread.java:221)
    Caused by: oracle.mds.core.MetadataNotFoundException: MDS-00013: no metadata found for metadata object "/db/AD Group"
    at oracle.mds.core.MetadataObject.getBaseMO(MetadataObject.java:1331)
    at oracle.mds.core.MDSSession.getBaseMO(MDSSession.java:3200)
    at oracle.mds.core.MDSSession.getMetadataObject(MDSSession.java:1190)
    at oracle.mds.core.MDSSession.getMetadataObject(MDSSession.java:1136)
    at oracle.iam.reconciliation.impl.config.CoreProfileManagerImpl.getProfileFromMDS(CoreProfileManagerImpl.java:390)
    ... 60 more

    Yes, i did.
    I created profile from design console for AD Resource objects. Then i am getting this error;
    ey = atr.apd_key AND atr.atr_key = apt.atr_key AND apt.apt_key = atd.apt_key AND atd.oiu_key = oiu.oiu_key AND oiu.obi_key = obi.obi_key AND obi.obj_key = obj.obj_key AND obj.obj_name = ?
    DEBUG,27 Nov 2012 13:08:07,589,[ConnectorUninstall.log],Executing the Prepared Statement for the ResourceObject: AD Group
    DEBUG,27 Nov 2012 13:08:07,590,[ConnectorUninstall.log],Successfully executed the Prepared Statement for the ResourceObject: AD Group
    DEBUG,27 Nov 2012 13:08:07,590,[ConnectorUninstall.log],Executing the Prepared Statement for the ResourceObject: AD Organizational Unit
    DEBUG,27 Nov 2012 13:08:07,591,[ConnectorUninstall.log],Successfully executed the Prepared Statement for the ResourceObject: AD Organizational Unit
    DEBUG,27 Nov 2012 13:08:07,591,[ConnectorUninstall.log],Executing the Prepared Statement for the ResourceObject: AD User
    DEBUG,27 Nov 2012 13:08:07,592,[ConnectorUninstall.log],Successfully executed the Prepared Statement for the ResourceObject: AD User
    DEBUG,27 Nov 2012 13:08:07,593,[ConnectorUninstall.log],Executing the Prepared Statement for the ResourceObject: AD User Trusted
    DEBUG,27 Nov 2012 13:08:07,594,[ConnectorUninstall.log],Successfully executed the Prepared Statement for the ResourceObject: AD User Trusted
    DEBUG,27 Nov 2012 13:08:07,594,[ConnectorUninstall.log],Exiting Method: checkAndPrintAttestationTask of Class: UninstallUtility
    DEBUG,27 Nov 2012 13:08:07,594,[ConnectorUninstall.log],Entering Method: deleteReconciliationData of Class: UninstallUtility
    DEBUG,27 Nov 2012 13:08:07,594,[ConnectorUninstall.log],Getting ReconConfigService instance.
    DEBUG,27 Nov 2012 13:08:07,622,[ConnectorUninstall.log],Successful in getting ReconConfigService instance.
    *DEBUG,27 Nov 2012 13:08:07,622,[ConnectorUninstall.log],Deleting the reconciliation profile for the resource object: AD Group*
    Exception in thread "main" oracle.iam.reconciliation.exception.ConfigException: Path :: /db/RA_ADGROUPA80D3C22.xml
    at oracle.iam.reconciliation.impl.config.CoreProfileManagerImpl.removeFromMDS(CoreProfileManagerImpl.java:364)
    at oracle.iam.reconciliation.impl.config.CoreProfileManagerImpl.removeStagingEntityDef(CoreProfileManagerImpl.java:346)
    at oracle.iam.reconciliation.impl.config.CoreProfileManagerImpl.remove(CoreProfileManagerImpl.java:314)
    at oracle.iam.reconciliation.impl.config.ProfileManagerImpl.remove(ProfileManagerImpl.java:154)
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
    Thanks.

  • Questions : - AD Connector in OIM 11gR2

    Hi,
    Please provide your suggestions on below queries (OIM 11gR2)
    1) How to create a new AD Group from OIM? We see a "AD group" resource object created with the connector installation. Will we have create an Application instance for "AD group" RO and AD IT resource instance to achieve the AD group creation?
    2) How to manage the memebers of the AD group from OIM?
    3) How to delete a AD group from OIM?
    Thanks in advance

    Hi,
    Please provide your suggestions on below queries (OIM 11gR2)
    1) How to create a new AD Group from OIM? We see a "AD group" resource object created with the connector installation. Will we have create an Application instance for "AD group" RO and AD IT resource instance to achieve the AD group creation?
    2) How to manage the memebers of the AD group from OIM?
    3) How to delete a AD group from OIM?
    Thanks in advance

  • Configuring exchange connector in OIM 11gR2

    Hi Experts,
    I have to configure exchange connector with OIM 11gR2. I went through the connector guide and there they have mentioned about custom powershell script. Please let know from where I can get this script and the use of it. If any one is having sample script then please share it with me.
    Regards,
    Bhawna.

    Connetcor version is 11.1.1.6.0
    Also in doc it was mentioned to create a .bat file on OIM server to call this power shell script on connector server.

  • Configuring ACF2 connector with OIM 11gR2

    Hi Experts,
    I am working on configuring ACF2 connector with OIM 11gr2, In an intermediatory step we need to copy VOYAGER_ID.properties file. The comment against this file is written as: Rename VOYAGER_ID with the name "Voyager server's VOYAGER_ID control file property".
    Can anybody please tell what does this actually mean?
    thanks

    Rename the copied file to match the VOYAGER_ID property. For example, if the target system has VOYAGER_ID = VOYAGE14, then the .properties file should be named VOYAGE14.properties.
    The Voyager reconciliation agent sends a unique identifier value, called VOYAGER_ID, each time a reconciliation event occurs. This value must match the name of the .properties file being used by the topsecret-adv-agent-recon.jar file for reconciliation.

  • OIM-OID Connector: OID Group Recon Task and organizations

    Hi,
    I'm evaluating OIM and its OID Connector.
    We have groups in our existing OID. We thought that we could use the OID Connector OID Group Recon Task to import those groups into OIM and make them Groups in OIM.
    However, when we run the task, it appears to import our groups from OID as organizations, not as groups. It's not clear to me from the OID Connector documentation what exactly the OID Group Recon task is supposed to do. That's why we assumed it was an OOTB method for reconciling OID groups into OIM groups.
    What are we doing wrong? Why do we end up with our OID Groups becoming OIM Organizations after running the task?
    We are using version 9.4.11 of the OID Connector.
    Also, a side issue: how can we delete unwanted organizations from OIM? There's a delete option but it just seems to mark the organizations as deleted but they are still there.
    Thanks
    Eric
    Edited by: PeachEye on 17/03/2010 11:49

    Hi,
    I am also facing the similar issue. I want to reconcile OID groups into OIM User Groups menu item. Please suggest how to proceed.
    I ran the schedule task- OID Group Recon Task, but it throws error-
    ERROR,12 Mar 2010 09:16:44,265,[XL_INTG.OID],OID:tcTskOIDGrouporRoleReconTask:pe
    rformReconciliation():com.thortech.xl.integration.OID.util.tcUtilLDAPOperations:
    NamingException :Unable to search LDAP. Check the following values and try agai
    n: Base Search detail: cn=abc,ou=Q System1,dc=xoserve-apps,dc=com, filter expres
    sion is (&(objectClass=groupOfUniqueNames)(modifytimestamp>=19000101010001Z)), A
    ttributes : DN, modifytimestamp, Organization Name, orclguid, cn,]
    ERROR,12 Mar 2010 09:16:44,281,[XL_INTG.OID],===================================
    I want to bring OID groups into OIM so that I can manager those OID groups from OIM. Is there any other way to so this? I have to make changes in the OID object class or in the OID field mappings? I have not done any changes in Lookup OID configuration or LookUp Field map parameters.
    Please help.

Maybe you are looking for