Good morning,

Recently, we went live with an Office365 Driver and it is working well.
We have, however, run in to the following scenario (which will
ultimately affect 18 Users).

We had 18 Users in Office365 who were created manually before the Driver
went live. When the Driver went live, the Driver created another User
(same User in the Source IDV) with the correct naming convention.
Because we were missing 18 Users and their associated Contact Objects,
we got Microsoft to Delete the Users created by the Driver, and to
rename the Office365 Users to the correct naming convention. (from
firstname.lastname@domain to CN@domain).

As is always the case, I made sure to remove the association off the
Source IDV and re-sync. Well, that worked with the re-sync of the User,
and the IDV User got the correct Association / ObjectID assigned, the
Office365 User got assigned the correct licenses...and all is (was)
good.

The Users we are working with used to have Exchange assigned to them in
Office365, but after the merge they no longer do (by design).

Now, it appears, that all modifications to the Source IDV Object fail
with the following showing on the Trace Screen (bad User who was renamed
by M$ first, and then a Good User who was not one of the 18 renamed
Users second). You will notice that the wonky User has an extra
Set-MailBox -Identity PS command which causes the failure...whereas the
Good User does not...even though in Office365 they are licensed the same
and do not have Exchange.

@ Recently Renamed User @

<nds dtdversion="4.0" ndsversion="8.x">
<source>
<product edition="Advanced" version="4.5.3.0">DirXML</product>
<contact>NetIQ Corporation</contact>
</source>
<input>
<modify cached-time="20160824091137.925Z" class-name="MSolUser"
event-id="metadir05#20160824091137#4#1:5387661d-a62b-4448-8385-1d6687532ba6"
qualified-src-dn="O=MRFA\OU=Personer\OU=Ansatt\CN=gerhol"
src-dn="\MRFA-META\MRFA\Personer\Ansatt\gerhol" src-entry-id="33524"
timestamp="1472029895#2">
<association
state="associated">a123dcf1-6640-4b49-a1f5-ddbd03ffe18f</association>
<modify-attr attr-name="MobilePhone">
<remove-value>
<value timestamp="1472029418#2"
type="teleNumber">48290001-1</value>
</remove-value>
<add-value>
<value timestamp="1472029895#2"
type="teleNumber">48290001</value>
</add-value>
</modify-attr>
</modify>
</input>
</nds>
DirXML: [08.24.16 11:12:16.220]: TRACE: SUB: get-pssession
DirXML: [08.24.16 11:12:16.220]: TRACE: SUB: Get-User -Identity
a123dcf1-6640-4b49-a1f5-ddbd03ffe18f
DirXML: [08.24.16 11:12:17.001]: TRACE: SUB: get-pssession
DirXML: [08.24.16 11:12:17.001]: TRACE: SUB: get-msoluser -ObjectId
a123dcf1-6640-4b49-a1f5-ddbd03ffe18f
DirXML: [08.24.16 11:12:17.454]: TRACE: SUB: get-pssession
DirXML: [08.24.16 11:12:17.454]: TRACE: : Set-MailBox -Identity
'a123dcf1-6640-4b49-a1f5-ddbd03ffe18f'
DirXML: [08.24.16 11:12:18.064]: TRACE: : The operation couldn't be
performed because object 'a123dcf1-6640-4b49-a1f5-ddbd03ffe18f' couldn't
be found on 'AM3PR02A003DC02.EURPR02A003.prod.outlook.com'.
DirXML: [08.24.16 11:12:18.064]: TRACE: Remote Loader:
SubscriptionShim.execute() returned:
DirXML: [08.24.16 11:12:18.064]: TRACE:
<nds dtdversion="3.5">
<source>
<product
instance="\MRFA-META\MRFA\Tjenester\IDM\DriverSet\MSOffice365"
version="4.1.0.2" build="201601262114">Identity Manager Driver for
Microsoft Office365</product>
<contact>NetIQ, Corporation.</contact>
</source>
<output>
<status level="error"
event-id="metadir05#20160824091137#4#1:5387661d-a62b-4448-8385-1d6687532ba6"
type="driver-general"> The operation couldn't be performed because
object 'a123dcf1-6640-4b49-a1f5-ddbd03ffe18f' couldn't be found on
'AM3PR02A003DC02.EURPR02A003.prod.outlook.com'.</status>
</output>
</nds>
DirXML: [08.24.16 11:12:18.064]: TRACE: Remote Loader: Sending...

@ OK User, who was never renamed @
@ The only difference is, the Set-MailBox command is never run in this
instance @

<nds dtdversion="4.0" ndsversion="8.x">
<source>
<product edition="Advanced" version="4.5.3.0">DirXML</product>
<contact>NetIQ Corporation</contact>
</source>
<input>
<modify cached-time="20160824091928.910Z" class-name="MSolUser"
event-id="metadir05#20160824091928#4#2:d99d3ac9-93d8-48a1-f298-c93a9dd9d893"
qualified-src-dn="O=MRFA\OU=Personer\OU=Ansatt\CN=gekven"
src-dn="\MRFA-META\MRFA\Personer\Ansatt\gekven" src-entry-id="107590"
timestamp="1472030361#2">
<association
state="associated">71e11263-e326-41e5-a003-b86387c381c1</association>
<modify-attr attr-name="MobilePhone">
<remove-value>
<value timestamp="1472027716#2"
type="teleNumber">97524574</value>
</remove-value>
<add-value>
<value timestamp="1472030361#2"
type="teleNumber">97524574-1</value>
</add-value>
</modify-attr>
</modify>
</input>
</nds>
DirXML: [08.24.16 11:19:32.424]: TRACE: SUB: get-pssession
DirXML: [08.24.16 11:19:32.424]: TRACE: SUB: Get-User -Identity
71e11263-e326-41e5-a003-b86387c381c1
DirXML: [08.24.16 11:19:33.002]: TRACE: SUB: get-pssession
DirXML: [08.24.16 11:19:33.002]: TRACE: SUB: get-msoluser -ObjectId
71e11263-e326-41e5-a003-b86387c381c1
DirXML: [08.24.16 11:19:33.346]: TRACE: SUB: get-pssession
DirXML: [08.24.16 11:19:33.346]: TRACE: : Set-MSolUser -MobilePhone
'97524574-1' -ObjectID '71e11263-e326-41e5-a003-b86387c381c1'
DirXML: [08.24.16 11:19:33.658]: TRACE: PUB: In Construct Cache
DirXML: [08.24.16 11:19:33.690]: TRACE: Remote Loader:
SubscriptionShim.execute() returned:
DirXML: [08.24.16 11:19:33.690]: TRACE:
<nds dtdversion="3.5">
<source>
<product
instance="\MRFA-META\MRFA\Tjenester\IDM\DriverSet\MSOffice365"
version="4.1.0.2" build="201601262114">Identity Manager Driver for
Microsoft Office365</product>
<contact>NetIQ, Corporation.</contact>
</source>
<output>
<status level="success"
event-id="metadir05#20160824091928#4#2:d99d3ac9-93d8-48a1-f298-c93a9dd9d893"
/>
</output>
</nds>
DirXML: [08.24.16 11:19:33.690]: TRACE: Remote Loader: Sending..

We are getting M$ to look in to it, but it appears strange to me.

Thanks for any insights.

-K


--
karmst
------------------------------------------------------------------------
karmst's Profile: https://forums.netiq.com/member.php?userid=2806
View this thread: https://forums.netiq.com/showthread.php?t=56478