Share via


Create a Management Agent Run Profile

For this procedure, you can create a management agent run profile. You can configure any number of run profiles for a particular management agent, with each run profile performing a specific set of steps. At least one run profile with at least one step is required to run a management agent. Not all run step types and options are available to all management agent types. Only those step types and options that are available to a particular management agent type are displayed. To complete this procedure, you must be logged on as a member of the FIMSyncAdmins security group.

To create a management agent run profile

  1. On the Tools menu, click Management Agents.

  2. In Management Agents, click the management agent that you want to create a run profile for.

  3. On the Actions menu, click Configure Run Profiles.

  4. On the Configure Run Profiles for "ManagementAgent" page, click New Profile.

  5. In Configure Run Profile, under Profile Name, in Name, type a name for the run profile, and then click Next.

  6. In Configure Run Profile, under Configure Step, under Specify step type, in Type, click one of the following step types:

    Delta Import (Stage Only)

    Task Steps

    To run an import of only those objects with content that has changed in the connected data source. Objects are imported into the connector space only.

    Click Delta Import (Stage Only).

    To specify optional settings

    Note

    Options that are labeled as "test only" are intended for use only in a test or troubleshooting environment. They are not intended for use in a production environment.

    Click Set Log File Options, and then, in Set Log File Options-- Import, click one of the following options:

    • To specify that you do not want to create a log file, click Do not create a log file.

    • To create a log file in the management agent working directory and to continue run action, click Create a log file, and then, in Type or select Log file name, type a file name, or click Select to locate an existing file that will be overwritten.

    • To create a log file in the management agent working directory and to stop any further run action, click Create a log file and stop the run. Do not stage to connector space. (test only), and then, in Type or select Log file name, type a file name, or click Select to locate an existing file that will be overwritten.

    • To resume an import from an existing log file, click Resume run from existing log file and stage to connector space (test only), and then, in Type or select Log file name, type a file name, or click Select to locate the file.

    Note

    When you resume an import from file, the watermark (which indicates when the most recent changes to an object occurred) is not adjusted, and if for any reason the MA needs to get the full object during a delta run, it won't be able to.

    Full Import (Stage Only)

    Task Steps

    To run a full import of all objects and attributes from the connected data source to the connector space. Objects are imported to the connector space only.

    Click Full Import (Stage Only).

    To specify optional settings

    Note

    Options that are labeled as "test only" are intended for use only in a test or troubleshooting environment. They are not intended for use in a production environment.

    Click Set Log File Options, and then, in Set Log File Options -- Import, click one of the following options:

    • To specify that you do not want to create a log file, click Do not create a log file.

    • To create a log file in the management agent working directory and to continue run action, click Create a log file, and then, in Type or select Log file name, type a file name, or click Select to locate an existing file that will be overwritten.

    • To create a log file in the management agent working directory and to stop any further run action, click Create a log file and stop the run. Do not stage to connector space. (test only), and then, in Type or select Log file name, type a file name, or click Select to locate an existing file that will be overwritten.

    • To resume an import from an existing log file, select Resume run from existing log file and stage to connector space (test only), and then in Type or select Log file name, type a file name or click Select to locate the file.

    Note

    When you resume an import from file, the watermark (which indicates when the most recent changes to an object occurred) is not adjusted, and if for any reason the MA needs to get the full object during a delta run, it won't be able to.

    Delta Import and Delta Synchronization

    Task Steps

    To run a delta import of only those objects and attributes from the connected data source that have changed and to reevaluate and apply synchronization rules to those objects in the connector space that have changed. Those objects and attributes in the connected data source that have changed are synchronized with the metaverse or they are disconnected, depending on rules criteria.

    Click Delta Import and Delta Synchronization.

    To specify optional settings

    Click Set Log File Options, and then, in Set Log File Options -- Import, click one of the following options:

    • To specify that you do not want to create a log file, click Do not create a log file.

    • To create a log file in the management agent working directory and to continue run action, click Create a log file, and then, in Type or select Log file name, type a file name, or click Select to locate an existing file that will be overwritten.

    Full Import and Delta Synchronization

    Task Steps

    To run a full import of all objects and attributes from the connected data source and to reevaluate and apply synchronization rules to those objects in the connector space that have changed. Those objects and attributes in the connected data source that have changed are synchronized with the metaverse or they are disconnected, depending on rules criteria. Objects in the connector space that no longer exist in the connected data source are marked obsolete, and disconnector rules are applied.

    Click Full Import and Delta Synchronization.

    To specify optional settings

    Click Set Log File Options, and then, in Set Log File Options -- Import, click one of the following options:

    • To specify that you do not want to create a log file, click Do not create a log file.

    • To create a log file in the management agent working directory and to continue run action, click Create a log file, and then, in Type or select Log file name, type a file name, or click Select to locate an existing file that will be overwritten.

    Full Import and Full Synchronization

    Task Steps

    To run a full import of all objects and attributes from the connected data source and to evaluate and apply synchronization rules to all objects and attributes in the connector space, regardless of pending state. Objects and attributes are then synchronized with the metaverse or they are disconnected, depending on rules criteria. Objects in the connector space that no longer exist in the data source are marked obsolete, and disconnector rules are applied. Objects pending export are deleted from the connector space, reevaluated, and placed in the connector space again, depending on export rules.

    Click Full Import and Full Synchronization.

    To specify optional settings

    Click Set Log File Options, and then, in Set Log File Options -- Import, click one of the following options:

    • To specify that you do not want to create a log file, click Do not create a log file.

    • To create a log file in the management agent working directory and to continue run action, click Create a log file, and then, in Type or select Log file name, type a file name, or click Select to locate an existing file that will be overwritten.

    Delta Synchronization

    Task Steps

    To reevaluate and apply synchronization rules to those objects and attributes that are staged in the connector space and that have changed. Those objects and attributes are then synchronized with the metaverse or they are disconnected, depending on rules criteria.

    Click Delta Synchronization.

    To specify optional settings

    No optional settings are available for this step type.

    Full Synchronization

    Task Steps

    To evaluate and apply synchronization rules to all objects and attributes in the connector space. Those objects and attributes are then synchronized with the metaverse or they are disconnected, depending on rules criteria.

    Click Full Synchronization.

    To specify optional settings

    No optional settings are available for this step type.

    Export

    Task Steps

    To run an export of objects and attributes from a connector space to a connected data source or to an export file. An export is always delta. Only objects and attributes in the connector space that are different from existing objects and attributes in the connected data source are exported.

    Click Export.

    To specify optional settings

    Note

    Options that are labeled as "test only" are intended for use only in a test or troubleshooting environment. They are not intended for use in a production environment.

    Click Set Log File Options, and then, in Set Log File Options -- Export, click one of the following options:

    • To specify that you do not want to create a log file, click Do not create a log file.

    • To create a log file in the management agent working directory and to continue run action, click Create a log file, and then in Type or select Log file name, type a file name, or click Select to locate an existing file that will be overwritten.

    • To create a log file in the management agent working directory and to stop any further run action, click Create a log file and stop the run. Do not export to data source. (test only), and then, in Type or select Log file name, type a file name, or click Select to locate an existing file that will be overwritten.

    • To resume an export run from an existing log file to a connected data source, click Resume run from existing log file and export to data source. (test only), and then, in Type or select Log file name, type a file name, or click Select to locate the file.

    Note

    On export, FIM does not get confirmation on a partial run, so the next export run sends out the same deltas. Also, encrypted attributes, such as passwords, are not written to the intermediate file.

  7. To specify a maximum number of objects to be processed, under Threshold, select the Specify number of objects to process check box, and then type or select the maximum number of objects that you want the management agent to import during a run. By default, this option is not selected, which indicates that all objects will be processed.

  8. To specify a maximum number of object deletions, under Threshold, select the Specify number of deletions to process check box, and then type or select the maximum number of deletions that you want the management agent to export during a run. By default, this option is not selected, which indicates that all object deletions will be processed.

  9. Click Next.

  10. In Management Agent Configuration, in Partition, click default.

  11. For file-based management agents, in Input file name, click Select, and then type the path and name for the custom data input file.

  12. For call-based management agents, in Custom Data, optionally set the following parameters:

    1. Batch size (objects): sets the number of objects that the management agent writes to the connector space at one time.

    2. Page size (objects): sets the number of objects that the management agent reads from the connected data source at one time. It is not recommended that you change the default value.

      Note

      For LDAP connected datasources, the Page Size setting should not be more than the connected server's MaxPageSize LDAP Policy value. For example, the default MaxPageSize LDAP Policy for Windows 2000 domains is 1000, and for Windows 2003 domains is 1500.

    3. Timeout (in seconds): sets the time that the management agent will wait for a response from the connected data source.

  13. Click Finish.

Important

The Specify number of deletions to process option can help prevent unwanted object deletions and critical loss of objects in the connector space and in your connected data source.
For the step types Delta Import (Stage Only), Full Import (Stage Only), Delta Import and Delta Synchronization, Full Import and Delta Synchronization, and Full Import and Full Synchronization, if the number of connector space object deletions or the number of connector space objects that become obsolete meets or exceeds the threshold number, the management agent run will stop, and an error will be entered in the event log. For these run step types, objects will be deleted in the connector space until the threshold number is reached.
For the Export step type, the number of pending object deletions in the connector space will be counted before the export to the connected data source. If the number of pending object deletions exceeds the threshold number, the export to the connected data source will not proceed, objects in the connector space that are pending deletion will be retained, and an error will be entered in the event log.
You can specify a threshold number from 0 through 9,999,999. If 0 is specified, and if there are any deletions, obsolete objects, or objects that are pending deletion, the management agent run will stop, and an error will be entered in the event log.
Deletion of placeholders does not count toward the deletion threshold.
This option is not available for an Export step type with the Resume run from existing log file and export to data source. (test only) log file option.
If you specify a threshold number in Specify number of objects to process and in Specify number of deletions to process, if either threshold number is reached, the management agent run will stop, and an error will be entered in the event log.

Important

When you run a management agent run profile in full import mode for all text file management agents except LDAP Data Interchange Format (LDIF), the change type attribute (if configured) is ignored. When you run a management agent run profile in delta mode, the change type attribute (if configured) is applied. When you run a management agent run profile in full import mode for a management agent for LDIF, the change type attribute (if configured) is checked but not enforced if it does not exist. When you run a management agent run profile in delta mode, the change type attribute (if configured) is applied, and it must be Add. For all management agent types, if an error occurs in the processing of a change type attribute, an error message is written to the event log.

Note

A run profile with a single step of Delta Import and Delta Synchronization will not process disconnector objects that already exist in a connector space.

Note

When you create a log file, the file is created as an XML file in the management agent's working directory. This file can become excessively large and significantly reduce available memory resources. The log file name cannot exceed 64 characters.

Note

When you run a run profile with Full Synchronization or Full Import and Full Synchronization run profile steps, connector space objects that are pending export are deleted, and then rules for all linked metaverse objects are reevaluated. Those objects that are configured for export are then staged again into the connector space for export. This can cause inaccurate synchronization statistics. For example, a run profile might place 50 objects that are pending export into a connector space. These 50 objects appear again as Adds in Synchronization Statistics. If you then run a reevaluate rules step, these same 50 objects appear again as Adds in Synchronization Statistics. You also see this behavior with rules extensions that determine objects that are pending export in a connector space.

Note

When you configure a run profile with a single step of the type Delta Import and Delta Synchronization, a condition can occur in which existing disconnector objects from a previous run are not processed. This condition occurs because the existing objects in the connector space that have not changed since the last run are ignored. For example, objects that have changed in a connected data source are imported to a connector space, rules determine that the object is not joined or projected to a metaverse object, and the object becomes a disconnector object. Subsequent runs with a single run profile step of type Delta Import and Delta Synchronization ignore the object because it has not changed, and the disconnector object will remain in the connector space. To prevent a buildup of disconnector objects in the connector space, run a run profile with a single step of the type Delta Synchronization. The connector objects with pending changes and the normal disconnector objects that already exist in the connector space are then processed (according to rules).

Note

For management agents for Sun directory servers, if the Sun directory server does not have change log enabled, the delta import run profile type will be disabled.

Note

For the management agent for Active Directory, if in Set Log File Options you click Create a log file and stop the run. Do not stage to a connector space. (test only), operations statistics might contain an excessively large number of deletes. This is because tombstoned objects in the log file are marked as deleted objects.

Note

For call-based management agents, if you view Step details in Configure Run Profiles for "ManagementAgent", the value for Timeout indicates that if communication with the connected data source stops responding during a management agent run, the management agent will not respond to the Stop command for the length of the time-out value. By default this value is 30 seconds. A value of 0 indicates that there will be no time-out. For extensible management agents, by default this value is 0 seconds.

See Also

Concepts

Delete a Management Agent Run Profile