Just thought I’d let you know about a little "gotcha" lurking around the corner for anyone trying to upgrade their existing ILM solution to FIM – the potential for a clash of the new FIM (RC0) metaverse schema.

 

Like many others, I have used ILM/MIIS in the past to provision userProxyFull objects to a connected ADAM instance, involving the syncing of the AD objectSid attribute.  To do this you typically set up a new objectSid attribute in your metaverse and everything works like a charm … until you upgrade to FIM and happen to named your "objectSid" attribute with a different case (e.g. ObjectSid, or objectSID) …

 

I ran into a problem on a client site where there was a metaverse attribute already in use called objectSID.  All was fine until I created the ILM MA for the first time, causing the ILM metaverse schema update to be invoked.  What I found was that it wanted to add a new "objectSid" attribute, but threw an Unable to create the management agent. The XML format of the join rules is invalid error because this couldn’t co-exist with "objectSID".  The error wasn’t particularly friendly either, and apart from taking ages to nail down to this problem, in a production upgrade scenario this may have caused dramas because the only resoluton I could come up with was to (a) remove the existing attribute flows (thereby losing the data), delete and recreate the metaverse attribute as "objectSid", and (c) recreate the attribute flows.

 

I would argue that this is actually an oversight of the upgrade process … maybe there needs to be a "FIM Upgrade Compatibility Test" or something???  I would hope that RC1 won’t be so unforgiving :|.