Upgrading to FIM 2010 from MIIS 2003/ILM2007 – Pre Upgrade Check?

Just thought I’d let you know about a little "gotcha" lurking around the corner for anyone trying to upgrade their existing ILM solution to FIM – the potential for a clash of the new FIM (RC0) metaverse schema.
Like many others, I have used ILM/MIIS in the past to provision userProxyFull objects to a connected ADAM instance, involving the syncing of the AD objectSid attribute.  To do this you typically set up a new objectSid attribute in your metaverse and everything works like a charm … until you upgrade to FIM and happen to named your "objectSid" attribute with a different case (e.g. ObjectSid, or objectSID) …
I ran into a problem on a client site where there was a metaverse attribute already in use called objectSID.  All was fine until I created the ILM MA for the first time, causing the ILM metaverse schema update to be invoked.  What I found was that it wanted to add a new "objectSid" attribute, but threw an Unable to create the management agent. The XML format of the join rules is invalid error because this couldn’t co-exist with "objectSID".  The error wasn’t particularly friendly either, and apart from taking ages to nail down to this problem, in a production upgrade scenario this may have caused dramas because the only resoluton I could come up with was to (a) remove the existing attribute flows (thereby losing the data), delete and recreate the metaverse attribute as "objectSid", and (c) recreate the attribute flows.
I would argue that this is actually an oversight of the upgrade process … maybe there needs to be a "FIM Upgrade Compatibility Test" or something???  I would hope that RC1 won’t be so unforgiving :|.

About bobbradley1967

Microsoft IAM MVP and Solutions Architect (MCTS, MCP) - FIM/ILM/MIIS Specialist, with 20 years SQL database ( OLAP) and MS.Net applications development/SI background, in particular on the SharePoint platform
This entry was posted in FIM (ForeFront Identity Manager) 2010, ILM (Identity Lifecycle Manager) 2007 and tagged , , . Bookmark the permalink.

Leave a Reply

Please log in using one of these methods to post your comment:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.