I want to replicate an AD structure to ADAM, using classical provisioning. Since the source and the destination have the same structure, I would like to have a join rule that matches objects based on their distinguished name, but apparently this is not possible: the "join rule" dialog does not show the distinguished name among the data source attributes. Is this possible? Should I use a MA extension? Thanks, Paolo Paolo Tedesco - http://cern.ch/idm

You can use an MA Rules Extension. Flow the DN in from AD to an attribute then join on this. In the rules extension set the DN as one of the values to join on.

Hi Mark, The problem is that the DN is not selectable from the management agent attributes. I can create a rules extension project, and then inside the code I can use the DN of the CSEntry to join, but in the configuration what should I use? Picking a random attribute and then join using the DN from the code does not seem that good... Is there really no way to have a direct join based on DN? Thanks, PaoloPaolo Tedesco - http://cern.ch/idm

It doesn't appear so. Pick an attribute that always has a value so the rule runs.

Hello Paolo, Try the scenario using Rule Extension MapAttributeForJoin where the mapping source attribute is a random attribute - it works for me. void IMASynchronization.MapAttributesForJoin (string FlowRuleName, CSEntry csentry, ref ValueCollection values) { switch (FlowRuleName) { case "cd.user#1:sAMAccountName->MVDistinguishedName": values.Add(csentry.DN); break; } } Patrick. Patrick Layani

Hello Paolo, Try the scenario using Rule Extension MapAttributeForJoin where the mapping source attribute is a random attribute - it works for me. void IMASynchronization.MapAttributesForJoin (string FlowRuleName, CSEntry csentry, ref ValueCollection values) { switch (FlowRuleName) { case "cd.user#1:sAMAccountName->MVDistinguishedName": values.Add(csentry.DN); break; } } Patrick. Patrick Layani

Hi Patrick, Thanks for your answer. That's what we ended up doing :D Currently we're using the "cn" or "ou" attributes according to the object type. I just wanted to be sure that there are no inconveniences in mapping from a random attribute. Cheers, PaoloPaolo Tedesco - http://cern.ch/idm