I’ve recently had a chance to work closely with Microsoft ADAM. It’s been a couple of years so I had to refresh myself about some of the things that differentiate the two. While we were discovering the differences (some of which caused us to doubt the existence of logic, LDAP standards, and our very sanity)
- There’s no sAMAccountname attribute in ADAM
- There”s no useraccountcontrol attribute either
I’m certain that there are many others and good reasons for all of them (at least within the Microsoft universe) However, all was not lost as it gave me an opportunity to share a few excellent troubleshooting tips when working with NW IDM:
- Disable all attributes and re enable them one at a time. Eventually you’ll find out what attributes are causing the issues.
- Try switching run-time engines. Yes the Windows Engine is on the way out, but it often gives different error information. Same goes for Windows jobs, try the java engine.
- Create a template user and then read it in. This will give you a good idea of what attributes are required since the template engine will only return populated attributes. (this works great in tandem with the first tip.
Now these methods work great for database, directory and Identity Store passes.
Speaking of Identity Store and Database passes that use queries in the source, if you’re having trouble, test the query directly in a SQL environment (MS SQL Query Analyzer or Oracle iSQL) Get it working there (with better error trapping) and then paste it back into the Source Tab.
For an extra directory based tip… If to LDAP passes are giving you grief, redirect the out put to LDIF (LDAP is the standard) then you can read the output directly. Great for catching syntactial issues. If you have LDIF files associate with a viewer (or notepad) just double clock on the filename in the destination tab after the task/job completes for easy viewing. Just don’t forget to change it back!